LONDON, England (July 7, 2026) — Phoenix Security today launched Phoenix Purple, an engineering-first application security platform. It connects directly to AI coding agents, cuts scanning token cost by 10 to 33 times through graph-native code intelligence, and delivers fixes as pull requests instead of tickets. There’s no CI wiring or onboarding project to set up. Phoenix Purple extends Phoenix Orange, the ASPM platform already running prioritization, deduplication, and code-to-cloud vulnerability management in production at ClearBank, Bazaarvoice, and Ad-Tech Leader.
Agents now write more code than any engineer, or any security engineer, can review. They open pull requests by the minute and pull in dependencies nobody reads. By the time a finding reaches a pull request it’s already too late, and the tooling around it was built for a slower world: file-by-file scanners paying frontier-model rates to read millions of clean lines, then dropping results into tickets that may never reach the developer who can act.
Phoenix Purple starts somewhere else. The knowledge graph does the work, not the frontier model. Because the graph already knows what’s reachable and where untrusted input flows, the model only gets asked the questions worth paying for. That one decision is what moves the cost, the speed, and what security can actually hand back to engineering.
Contents
ToggleA founder’s note
“Phoenix Purple has been my dream for years. Back when I was leading security engineering, this is the workflow I wanted for my team and couldn’t build: catch the real vulnerability inside the agent, before the pull request, and hand the engineer a fix instead of a ticket. Agents and LLMs finally make it possible. We take millions of findings down to the handful that are true and exploitable, and fix them before a line merges. That’s the dream of every security professional, and it’s what we shipped.”
— Francesco Cipollone, CEO & Co-Founder, Phoenix Security
Engineering-first: security that lives where developers work
The Purplephx integration ships for Cursor, VS Code, Claude Code, and Windsurf. A GitHub App handles pipelineless pull-request scanning: install it, and the next PR gets scanned, with findings surfaced as inline comments that already explain what’s wrong, why it matters, and what the fix is. MCP server integration makes the knowledge graph queryable straight from the coding agent, so it reaches the right answer faster and on far fewer tokens. The same graph that makes scanning cheap makes the agent cheaper to run.

Graph-native scanning: 10–33× lower token cost
A file-by-file harness scans everything. Phoenix scans what matters. The graph gets built once, parsing seven languages and mapping call graphs, taint traces, entry points, and reachable paths. After that, every scan navigates the graph with intent and updates it on each change. On a modeled 1,000-repo fleet at 250,000 lines each, scanned monthly, graph-native scanning ran at $3.60 per confirmed vulnerability against $64.30 for a file-by-file harness on the same frontier model, roughly 87% lower for the same findings. The gap grows as codebases grow: file-by-file cost climbs with every line, while graph-native cost stays tied to real findings. Model your own fleet at ai-scan-cost.phoenix.security.

Pipelineless PR scanning and multi-repo intelligence
Every PR diff is scanned against the graph, including the call-graph neighbors a change touches but doesn’t directly edit. Change a utility function that’s called from an auth path, and it gets evaluated in the context of that auth path. That’s what N+1 contextual pull-request analysis means. Multi-repo intelligence takes it across the estate: a flaw in a shared library gets attributed to every repo that imports it, with reachability judged per repo and findings routed to the team that owns them. One backlog, one burn rate, full attribution.

Fix delivery: remediation as a pull request
Once findings are ranked by real risk (reachability, EPSS, CISA KEV status, weaponization, business context), Phoenix Green writes the fix as a pull request with the threat context already in the description. The engineer approves or requests changes. They don’t investigate, replicate, or write the fix. Risk tiering sets the path: safe changes move fast, moderate ones carry a review flag, and anything breaking or dangerous needs explicit human approval before it can merge. Nothing auto-merges without the right signal, and a person always decides what ships.
One graph, both halves, one program
Phoenix Orange answers what to fix and in what order. It aggregates every scanner into a single queue, strips out unreachable noise, attributes findings to the right team, and connects code-level findings to the cloud service where they run. In production that’s meant a 98% reduction in container vulnerabilities at ClearBank, $6.3M in developer time saved at Bazaarvoice, and a 78% reduction in active container vulnerabilities plus $1.95M saved at IAS. Phoenix Purple covers the other half: keep new vulnerabilities out of the code, then close the loop by shipping the fix. Between them they run the full Agentic SDLC Security program (control the agent, close the tap, burn the backlog), with the knowledge graph as the layer that ties it together.
Availability
Phoenix Purple is available now in general availability.
Details: phoenix.security/phoenix-purple-ai-sast-sca-ai-generated-code.
Control framework: phoenix.security/agentic-sdlc-security-control-framework-three-pillars.
Cost calculator: ai-scan-cost.phoenix.security.
Open-source agent-scaffolding skills: github.com/Security-Phoenix-demo/security-skills-claude-code.
Demo: phoenix.security/request-a-demo.
About Phoenix Security
Phoenix Security is an Actionable ASPM platform that correlates vulnerabilities from code to cloud, turning fragmented findings into a single, prioritized remediation flow. Through reachability analysis, contextual deduplication, and risk-based prioritization, Phoenix helps security and engineering teams cut the noise, fix what counts, and scale without scaling headcount.