Phoenix Purple

AI-Native
Code Security
Without Limits

AI SAST + SCA that thinks like a senior engineer. Multi-repo, pipeline-less PRs, 90% token savings — fully integrated with your AI coding tools.

AI SAST SCA 90% token saving multi-repo pipeline-less PR AI triage no context limit IDE hooks
Get Early Access Book a Demo
 
phoenix purple // live scan
01 — The Problem

AI writes code faster
than security can keep up

The average developer using AI coding tools ships 2–3x more code per sprint. Traditional SAST tools weren’t built for that velocity. They miss AI-introduced patterns, drown teams in false positives, and grind CI pipelines to a halt.

Before AI coding tools
~200 files
per sprint, per developer
Security scanners had time to catch up. Teams ran weekly scans. Backlogs were manageable. False positives were annoying but survivable.
With Claude Code, Cursor, Codex
600–800 files
per sprint, same developer
AI generates code in patterns your scanner has never seen. Every PR is a full codebase diff. Traditional tools can’t scan fast enough — and miss the vulnerabilities that matter.
False calm

The vulnerability your scanner missed

Copilot generates an authentication handler. It looks right. Your scanner flags nothing — the pattern is novel, the rule doesn’t exist yet. Six weeks later, a penetration tester finds a JWT bypass in production. The code was in the repository the whole time.

AI-introduced patterns · missed by rule-based scanners
False urgency

800 findings. 12 that actually matter.

Your scanner found 800 issues in the sprint’s output. Your security engineer spends three days triaging. 788 are unreachable dead code, test utilities, or dependency noise. The 12 real ones are buried. Two ship to production.

Knowledge-graph validation · reachability analysis · <10% false positives
02 — How It Works

A knowledge graph, not just a rule set

Phoenix Purple builds a persistent knowledge graph of your codebase. Every function, every call path, every data flow — mapped and queryable. Vulnerabilities are validated against actual reachability before they reach your team.

01
Parse & map
Tree-sitter AST parsing across 7 languages at ~500–1000 files/second. Every symbol, import, and call site extracted in parallel.
TypeScript · JavaScript · Python · Go · Kotlin · Java · Rust
02
Build the call graph
JGraphT constructs a directed graph with 2,000–5,000 symbols and 3,000–10,000 edges. PageRank scores entry points. 70–90% call site resolution rate.
PageRank scoring · entry point detection · taint flow analysis
03
Detect vulnerabilities
2,204 OpenGrep rules across FAST, SMART, and DEEP scan modes. Taint traces follow data from untrusted sources (HTTP handlers, user input) to dangerous sinks (SQL, command execution, file writes).
SQL injection · XSS · command injection · SSRF · path traversal
04
Validate with adversarial AI
Three independent AI personas — validator, skeptic, exploit developer — challenge every finding before it’s reported. The result: under 10% false-positive rate, even on AI-generated code.
Multi-pass AI · adversarial verification · <10% false positives
05
Delta scan on every PR
A 5-file change in a 50,000-node repo drops from 30–90 seconds to under 3 seconds via in-place graph mutation. Container restarts: under 5 seconds. No full rebuilds unless the schema changes.
Delta analysis · <3s incremental · zero-config PR scanning
03 — Capabilities

Security that speaks
your AI’s language

Phoenix Purple is built for teams shipping AI-generated code at pace. Fast enough for pre-commit hooks. Smart enough to eliminate false positives.

 
AI SAST + SCA
2,204 OpenGrep rules combined with knowledge-graph reachability. Catches what rule-based scanners miss in AI-generated code. SCA cross-references your SBOM against NVD, OSV, and GitHub Advisory databases.
2,204 rules · CycloneDX 1.6 SBOM · NVD + OSV matching
 
90% Token Usage Saving
Phoenix compresses codebase context before it reaches the model. Only reachable, relevant code paths are sent — not the entire repository. No context window limits. No chunking. No truncation.
~90% token reduction · no context limit · full repo coverage
 
Adversarial AI Triage
Three independent AI personas challenge every finding: a validator checks reachability, a skeptic questions severity, an exploit developer attempts to prove exploitability. Under 10% false positives. Every time.
<10% false positives · adversarial verification
 
Multi-Repo Workspaces
Scan your entire organisation in parallel. SBOM generation runs across all repos simultaneously (semaphore-bounded, 3 concurrent by default). Cross-repo dependency correlation surfaces risks that single-repo scanning misses.
parallel scanning · org-wide SBOM · cross-repo correlation
 
IDE Integration + Hooks
Pre-commit hooks block vulnerable code before it enters the repository. Editor plugins surface findings inline as you type. MCP server exposes 20+ tools to Claude Code, Cursor, and any AI assistant that speaks Model Context Protocol.
MCP server · 20+ tools · pre-commit hooks · IDE plugins
 
Pipeline-less PR Scanning
GitHub App webhook-driven. Zero YAML. Zero CI configuration. Phoenix installs as a GitHub App, listens for PR events, and posts security findings as check runs — with graph-overlay diffs showing exactly what changed.
zero config · GitHub App · graph overlay diffs · SARIF output
04 — Scan Modes

Pick your speed. Change it per repo.

Three scan modes let teams balance speed, cost, and depth. Switch per repository, per branch, or per PR policy.

FAST
Seconds
Free
OpenGrep rules only. No AI validation. Ideal for pre-commit hooks and high-frequency branch scanning where speed matters more than depth.
pre-commit · branch scan · CI gate
Most popular
SMART
10–30 seconds
$0.20 – $1.00
Knowledge-graph enrichment + AI validation. Graph context dramatically cuts false positives. The right balance for PR scanning on most codebases.
PR scanning · graph enrichment · AI validation
DEEP
1–5 minutes
$0.50 – $3.00
Full adversarial AI verification. Exploit Hunt generates runnable proof-of-concept scripts. Use for release candidates, security audits, or high-risk service changes.
release scan · exploit hunt · proof-of-concept generation
Compatible with
Gemini Antigravity
Claude Code
Codex
Cursor
GitHub Copilot
VS Code
JetBrains
Neovim
05 — Get Access

Pre-register for
Phoenix Purple

Early access is open to security engineers, AI developers, and engineering leaders building with AI coding tools. No sales call required. Explore the platform, run your code, see if it fits your environment.

Security engineers AI developers Engineering leaders

Access granted on a rolling basis.

→ Phoenix Security Platform → LLM Threat-Centric eBook
Request Access
Leave your details. We’ll send credentials when your spot is ready.

 

3 critical zero-days. 1 exploit chain. Claude Code. Phoenix Security found what Anthropic missed →

Derek

Derek Fisher

Linkedin

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Linkedin

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Linkedin

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Linkedin

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Linkedin

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Linkedin

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
Protected By
Shield Security PRO