Bright Security has introduced an autonomous AI agent for the GitHub Marketplace, capable of automating the full cycle of Dynamic Application Security Testing (DAST) and API testing, including independent code deployment and remediation of discovered vulnerabilities.

What Happened
The new agent from Bright Security automates the DAST and API testing process end to end. It can deploy the application under test from its source code, configure authentication for the scan, and run the scan through Bright Repeater. In full mode, the agent does not stop at finding vulnerabilities: it proposes ready-to-use fixes and then re-scans, in up to five verification iterations, to confirm that a proposed fix actually closes the finding.
Context
Traditionally, DevSecOps tooling has been limited to monitoring and reporting modes, which leaves the actual remediation work to specialists and creates a heavy workload for them. Scanning a local target (localhost, i.e. a copy of the application deployed inside the job itself) rather than a shared or internet-reachable staging environment keeps the attack surface of the scan small and reduces the security risk of letting the agent operate directly within the GitHub environment.
Why It Matters for the Industry
Automating the "find, fix, verify" cycle marks a shift from passive scanning to an active, closed-loop security model. This accelerates the integration of DevSecOps into the Software Development Life Cycle (SDLC) and changes the economics of security: automated dynamic testing can be made a standard gate at the Pull Request level rather than a periodic, specialist-driven activity.
Why It Matters for Users
Developers can delegate routine security checks of Pull Requests to an autonomous agent operating directly within GitHub. This reduces the time spent on repetitive tasks, shortens the feedback loop between introducing a change and learning that it is exploitable, and, because the agent re-verifies its own fixes, lowers the risk of a manual fix introducing a new vulnerability.
What Is Not Yet Known / Limitations
Delegating control to an AI system creates new risks related to access management and the protection of intellectual property. An agent that deploys code, holds the authentication credentials of the application under test, and pushes fixes needs write access to the repository and to application secrets; the scope of the token it runs with, the review applied to its proposed patches before they are merged, and where source code is sent for analysis are the points a team should check before enabling full mode.
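As an added illustration of the two points above (a localhost-only scan target and least-privilege access for the agent), here is what a GitHub Actions workflow for such a PR-level DAST job can look like. This is not Bright Security's workflow or Marketplace action; the scanner wrapper script, the application's build and start commands, the health endpoint and the secret names are all assumptions for illustration.

```yaml
# Added example, not Bright Security's own workflow.
# Assumed: a Node.js app that starts with `npm start`, exposes /healthz,
# and a repository script scripts/run-dast.sh that wraps the scanner.
name: dast-on-pull-request

on:
  pull_request:

# Least privilege for the scanning job: it only needs to read the code.
# Keep `contents: write` (needed to push fixes) out of this job entirely;
# if a remediation job is enabled, give it its own narrowly scoped token
# and gate it behind a human review of the proposed patch.
permissions:
  contents: read
  pull-requests: write   # only so findings can be posted as a PR comment

jobs:
  dast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Build and start the application under test on the runner itself,
      # bound to the loopback interface so it is never reachable from
      # outside this job.
      - name: Start application on localhost
        run: |
          npm ci
          npm run build
          HOST=127.0.0.1 PORT=3000 nohup npm start > app.log 2>&1 &
          # Wait until the app answers before scanning (assumed /healthz).
          for i in $(seq 1 30); do
            curl -fsS http://127.0.0.1:3000/healthz && break
            sleep 2
          done

      # Hypothetical scanner step: the only target it is given is loopback,
      # and the only credentials it sees are a test account for the app
      # under test, not production secrets.
      - name: DAST scan against localhost
        env:
          DAST_TARGET: http://127.0.0.1:3000
          APP_TEST_USER: ${{ secrets.APP_TEST_USER }}
          APP_TEST_PASSWORD: ${{ secrets.APP_TEST_PASSWORD }}
        run: ./scripts/run-dast.sh "$DAST_TARGET"   # assumed wrapper script

      # Keep the scan log as evidence for the PR review.
      - uses: actions/upload-artifact@v4
        with:
          name: dast-results
          path: |
            app.log
            dast-report.*
```

The check a practitioner would apply to any agent of this kind is the same as for this workflow: confirm that the job's `permissions` block does not grant more than the step actually needs, that the scan target resolves to 127.0.0.1 rather than a shared environment, and that any fix the agent proposes arrives as a reviewable Pull Request change rather than a direct push to the protected branch.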
Author
Look at AI, Editorial Team
