Aikido Launches Code Audit: AI-Powered Tool to Find Complex Logic Vulnerabilities Before They Ship
Key Takeaways
- Code Audit uses AI agents to trace references across files and identify multi-step logic vulnerabilities that SAST engines miss because such flaws don't follow predictable pattern-matching rules
- Works on static code only: no staging environment, auth credentials, or live system access required; can audit undeployed code, feature-flagged paths, and admin routes
- Delivers pentest-grade findings at 10x lower cost than traditional pentesting, with a median of 25 vulnerabilities per codebase and zero false negatives in early testing
- Applicable across web apps, mobile apps, smart contracts, and legacy languages with thin SAST coverage; includes AutoFix capability for instant remediation
Summary
Aikido has launched Code Audit, an AI-powered security tool that uses agentic reasoning to identify complex, multi-step vulnerabilities in source code, filling the gap between traditional SAST tools and penetration testing. The product is designed to catch logic-based flaws such as IDOR chains, ReDoS patterns, and authorization bypass routes that pattern-matching security scanners cannot detect. Code Audit works entirely on static code without requiring live staging environments, making it applicable to web apps, mobile apps, smart contracts, and legacy codebases alike.
According to Aikido, the tool covers approximately 70-80% of what a full penetration test surfaces at roughly 10x lower cost. Early users have discovered a median of ~25 security issues per codebase, with every audit finding at least one vulnerability. Each finding includes root cause analysis, code-based evidence, and an AutoFix feature that automatically generates pull requests to remediate issues. The release comes amid growing concerns that increasingly capable AI models are being leveraged by attackers to discover and chain exploits automatically.
Editorial Opinion
Code Audit represents a shrewd defensive application of agentic AI at a critical inflection point: as increasingly capable models become available to attackers through jailbreaks and open-source releases, organizations need equivalent capability on the defense side. By automating the discovery of logic-based vulnerabilities that humans struggle to find systematically, Aikido is addressing a genuine gap in the security tooling landscape. This could prove transformative for teams managing complex codebases where pentests are infrequent and SAST tools are inherently limited.