Phoenix Security turned heads at the OWASP London Chapter event on June 26 with a bold stance on AI, vulnerability management, and the power of a human-first approach to application security. The event, hosted at Thought Machine HQ in London, was a full house — and not just for the fast LEGO cars and legendary swag.
Francesco Cipollone speaking at OWASP London
The Human-Centric AI Second Initiative
AI is being integrated everywhere in security tooling, often without regard to how engineers actually work. Phoenix Security offered a different take: AI should serve humans, not the other way around.
Francesco Cipollone’s keynote dove into the AI Second mindset, warning against blindly offloading sensitive data into LLMs without structure or policy. The real innovation lies in building systems that enhance human decisions — not replace them.
This wasn’t a theory. Phoenix Security showcased live integrations of AI-powered threat-centric agents developed in collaboration with Google, built to correlate CVEs with exploitability and risk in real time.
AI Threat Centric Approach on vulnerabilities
ASPM with Threat-Centric Intelligence
Application Security Posture Management (ASPM) took center stage as Phoenix Security demonstrated how it bridges traditional vulnerability management gaps.
Instead of flooding DevSecOps teams with thousands of low-priority alerts, ASPM filters and prioritizes vulnerabilities based on real-world exploitability and cloud context. Combined with Phoenix’s threat-centric AI, this enables teams to shift from remediation-by-spreadsheet to strategic, risk-based decisions.
Key capabilities highlighted:
- Real-time CVE correlation across code, pipelines, and cloud workloads.
- Integration with cloud misconfiguration scanners for complete code-to-cloud visibility.
- Automated remediation workflows prioritized by business impact.
Phoenix Security demoing ASPM dashboard for DevSecOps teams
DevSecOps With Speed and Precision
Where most vendors promise automation, Phoenix Security delivers intelligence. Our DevSecOps strategy aligns security automation with engineering reality — no more endless Jira tickets with “fix someday” status.
By embedding ASPM across SDLC stages — from code commit to cloud deployment — teams gain:
- Centralized visibility on vulnerabilities tied to actual assets.
- Contextual remediation playbooks, not generic patches.
- Feedback loops to development without alert fatigue.
Attendees saw how this model accelerates secure releases while reducing mean time to remediation (MTTR).
From Autographs to Asphalt: Racing Through AppSec Fun
OWASP London wasn’t just technical — it was memorable. I signed copies of “Application Security: The Phoenix Way”, and attendees competed in LEGO race car challenges for exclusive swag.
The community was front and center. Hosted by OWASP’s Sam Stepanyan — a mainstay in the London security scene — the atmosphere reflected what OWASP is all about: open knowledge, real conversations, and cutting through the AI hype with honesty.
Where ASPM Meets Reality
OWASP London confirmed that ASPM isn’t just another acronym — it’s a reality, reshaping how security fits into the software delivery chain. With vulnerability management often seen as reactive or noisy, Phoenix Security offers clarity, prioritization, and action.
Attendees left with more than LEGO cars. They walked away with:
- A blueprint for risk-based remediation.
- Insights into using AI where it actually helps.
- A model for making AppSec measurable, human, and fast.
Next up? Phoenix heads stateside for OWASP DC. But London, as always, was the proving ground — and it delivered.
Want to future-proof your DevSecOps? Start with visibility, automation that matters, and ASPM that works.
Ready to Slash the Noise?
If you’re tired of chasing vulnerabilities that don’t matter—or worse, don’t even exist in runtime—Phoenix Security’s Container Lineage, Contextual Deduplication, and Throttling features are built to cut your backlog down to what’s real.
Not noise. Not theory. Actionable security.
How Phoenix Security Can Help with Container Vulnerability Sprawl
Application Security and Vulnerability Management teams are tired of alert fatigue. Engineers are buried in vulnerability lists that say everything is critical. And leadership? They want to know what actually matters.
Phoenix Security changes the game.
With our AI Second Application Security Posture Management (ASPM), powered by container lineage, contextual deduplication, and container throttling, we help organizations reduce container false positives by up to 98% and remove up to 78% of false positives in container open source libraries, pointing the team to the right remediation.
Why Container Lineage Matters:
Most platforms tell you there’s a problem. Phoenix Security tells you:
- Where it lives (code, build, container, cloud)
- Who owns it
- If it’s running
- If it’s exploitable
- How to fix it
All of this is delivered in one dynamic, prioritized list, mapped to the real attack paths and business impact of your applications.
Here’s What You Get:
- Contextual Intelligence from Code to Runtime: Understand which vulnerable components are actually deployed and reachable in production, not just listed in a manifest.
- Noise Reduction with Automated Throttling: Disable inactive container alerts and slash duplicate findings by over 90%, letting your team focus on the vulnerabilities that matter.
- 4D Risk Scoring That Maps to Real-World Threats: Built-in exploit intelligence, probability of exploitation, EPSS, exposure level, and business impact baked into a customizable formula. No more CVSS-only pipelines.
Vulnerability overload isn’t a badge of diligence—it’s a liability.
Container lineage in Phoenix Security helps you shut down false positives, stop chasing ghosts, and start solving the right problems.