AI for Security Engineers 2026: SAST, Threat Modeling, IaC Scanning
Semgrep + LLM SAST/DAST triage, attack-path generation, secure code, secret detection
Last updated: April 19, 2026
Security engineering is dominated by three kinds of work: triage (alert fatigue), design review (threat modeling), and prevention (SAST, DAST, secret scanning). In 2026, AI finally moves the needle on all three. Semgrep Multimodal (launch announcement) combines program analysis with LLM reasoning; Claude Opus 4.7 writes threat models that hold up in review; and AI-augmented secret detection drops false positives by an order of magnitude. This guide covers the full workflow for Indian AppSec and product-security engineers.
Key Takeaways
- Semgrep Multimodal merges static analysis with LLM reasoning for up to 8x more true positives and 50% less noise.
- SAST triage now handles 60%+ of findings automatically (Semgrep triage stats).
- Threat modeling with Opus 4.7 scales to component-level reviews your team actually does.
- Attack-path generation ranks remediation by realistic exploitability.
- Secure-code generation is trustworthy with SAST + human review + attack-pattern tests as gates.
The AI-AppSec Stack 2026
```text
+--------------------+     +--------------------+
| Source repos       |---->| Semgrep Multimodal |  SAST + LLM triage
+--------------------+     +--------------------+
                                     |
+--------------------+     +--------------------+
| Deployed services  |---->| DAST (ZAP, Burp)   |  runtime scanning
+--------------------+     | + LLM triage       |
                           +--------------------+
                                     |
+--------------------+     +--------------------+
| IaC repos (TF/K8s) |---->| IaC scanner + LLM  |  config + LLM reason
+--------------------+     +--------------------+
                                     |
                                     v
                           +--------------------+
                           | Findings pipeline  |
                           | (Jira, PagerDuty)  |
                           +--------------------+
                                     |
                                     v
                           +--------------------+
                           | Remediation agent  |  (opt-in, gated)
                           | (Claude Agent SDK) |
                           +--------------------+
```
The rule: AI reads everything; humans approve every fix that touches production.
Part 1: SAST Triage with LLMs
Most SAST output is noise. Semgrep Multimodal uses LLM reasoning to filter findings by whether taint actually reaches a sink and whether mitigating context (input validation, framework protections, feature flags) makes the finding moot.
Running Semgrep + Assistant
```bash
# CI step
semgrep ci \
  --config p/default \
  --config p/owasp-top-10 \
  --config p/r2c-security-audit \
  --sarif-output findings.sarif \
  --enable-ai-triage
```
With --enable-ai-triage, each finding gets an Assistant annotation: true_positive, false_positive, or needs_review with a one-line justification.
Custom triage prompts
For custom SAST rules or internal analyzers, script triage with Opus 4.7:
```python
import json

from anthropic import Anthropic

client = Anthropic()


def parse_json(text):
    """Strip an optional Markdown code fence around the reply and parse the JSON."""
    text = text.strip()
    if text.startswith("```"):
        text = text.split("\n", 1)[1].rsplit("```", 1)[0]
    return json.loads(text)


def triage(finding, surrounding_code, project_context):
    """Ask the model for a verdict on one finding; returns the parsed verdict dict."""
    response = client.messages.create(
        model="claude-opus-4-7",
        max_tokens=1024,
        messages=[{
            "role": "user",
            "content": f"""Triage this SAST finding:
Rule: {finding['rule_id']}
Severity: {finding['severity']}
Location: {finding['file']}:{finding['line']}
Pattern: {finding['pattern']}
Surrounding code (20 lines before + 20 after):
{surrounding_code}
Project context:
- Framework: {project_context['framework']}
- Known mitigations: {project_context['mitigations']}
- Trust boundary of this file: {project_context['trust_boundary']}
Return JSON:
{{
  "verdict": "true_positive|false_positive|needs_review",
  "confidence": 0.0-1.0,
  "reasoning": "one paragraph",
  "recommended_fix": "code change or N/A"
}}""",
        }],
    )
    return parse_json(response.content[0].text)
```
Run this as a GitHub Actions job on every PR. True positives block merge; false positives auto-close with a comment explaining why.
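An added example (not code from the page or from Semgrep) of the plumbing around `triage()`: flattening the SARIF that `--sarif-output` writes into the finding dict the prompt expects, cutting the surrounding-code window, and applying the merge gates. The SARIF fragment is constructed, and treating SARIF level `error` as the P0 tier that is never auto-closed is an assumption.

```python
import json
from typing import Any

# Constructed SARIF fragment (not real scanner output) in the shape Semgrep's --sarif-output emits
SAMPLE_SARIF = json.dumps({"runs": [{"results": [{
    "ruleId": "python.lang.security.audit.eval-detected",
    "level": "error",
    "message": {"text": "Detected eval() on user-controlled input"},
    "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": "app/views.py"},
        "region": {"startLine": 12}}}],
}]}]})


def sarif_findings(sarif_text: str) -> list[dict[str, Any]]:
    """Flatten SARIF results into the finding dict that triage() formats into its prompt."""
    out = []
    for run in json.loads(sarif_text)["runs"]:
        for r in run["results"]:
            loc = r["locations"][0]["physicalLocation"]
            out.append({
                "rule_id": r["ruleId"],
                "severity": r.get("level", "warning").upper(),
                "file": loc["artifactLocation"]["uri"],
                "line": loc["region"]["startLine"],
                "pattern": r["message"]["text"],
            })
    return out


def surrounding_code(source: str, line: int, before: int = 20, after: int = 20) -> str:
    """Numbered window of `before`/`after` lines around a 1-based line, clipped to the file."""
    lines = source.splitlines()
    start, end = max(0, line - 1 - before), min(len(lines), line + after)
    return "\n".join(f"{i + 1}: {lines[i]}" for i in range(start, end))


def merge_decision(finding: dict, verdict: dict, auto_close_min_confidence: float = 0.9) -> str:
    """Gate from the verdict JSON: true positives block; only confident, non-critical
    false positives auto-close (P0s always get human eyes); everything else goes to review."""
    critical = finding["severity"] == "ERROR"   # assumption: SARIF "error" is the P0 tier
    if verdict["verdict"] == "true_positive":
        return "block"
    if (verdict["verdict"] == "false_positive"
            and verdict["confidence"] >= auto_close_min_confidence and not critical):
        return "auto_close"
    return "needs_review"
```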
Part 2: Threat Modeling with Opus 4.7
Component-level STRIDE
```bash
claude-code --effort xhigh "Produce a STRIDE threat model for this
service. Inputs:
- Architecture diagram (attached as architecture.md)
- Data flow diagram (attached)
- Trust boundaries listed in threat-model/boundaries.md
For each STRIDE category (Spoofing, Tampering, Repudiation,
Information Disclosure, Denial of Service, Elevation), list:
1. Specific threats (not generic OWASP items)
2. Affected components
3. Existing mitigations (reference code paths)
4. Residual risk rating (Low/Medium/High/Critical)
5. Proposed new mitigations
Output as a Markdown table, one row per threat.
"
```
Example output fragment:
| STRIDE | Threat | Component | Mitigation | Residual | Proposed |
|--------|--------|-----------|------------|----------|----------|
| T | Tampering with order total via idempotency key replay | /api/v1/checkout | Server-side idempotency store (Redis) | Medium | Add HMAC signature on client-side total |
| I | Order history leakage via IDOR on /orders/:id | OrderController | Row-level auth via [Authorize(Policy="OwnResource")] | Low | Add tenant_id guard |
Feed this through a human review. Opus 4.7 is good at surfacing candidates; humans decide priority.
Part 3: Attack-Path Generation
Unlike a single-finding triage, attack paths chain findings into realistic scenarios.
```python
from anthropic import Anthropic

client = Anthropic()


def attack_paths(findings, arch, misconfigs):
    # Input: a list of scanner findings, architecture context, misconfiguration list
    # (all rendered to text upstream)
    # Output: ranked attack paths as model text, for human review
    response = client.messages.create(
        model="claude-opus-4-7",
        max_tokens=4096,
        messages=[{
            "role": "user",
            "content": f"""Given these 50 SAST and DAST findings,
this architecture summary, and this list of discovered
misconfigurations in AWS IAM and Kubernetes RBAC,
construct the top 5 realistic attack paths.
For each path:
1. Entry point (specific endpoint or component)
2. Each step (finding ID -> impact)
3. End impact (data class, scope)
4. Exploitability: Low/Medium/High
5. Detection likelihood: Low/Medium/High
6. Remediation priority
Findings: {findings}
Architecture: {arch}
Misconfigurations: {misconfigs}
""",
        }],
    )
    return response.content[0].text
```
Example output:
```text
Attack Path 1: Public API -> SSRF -> Metadata -> Creds -> RDS
Exploitability: High. Detection: Low. Priority: P0.
Step 1: /api/v1/url-preview (finding SAST-7823) accepts
        arbitrary URLs, fetches them server-side.
Step 2: Fetch http://169.254.169.254/latest/meta-data/
        iam/security-credentials/ (IMDSv1 still enabled per
        IaC-SCAN-421).
Step 3: Extract temporary credentials. Use AWS SDK to
        assume role ec2-app-role.
Step 4: Role has rds:DescribeDBInstances + s3:GetObject
        (IAM-AUDIT-98). List RDS instances.
Step 5: Use s3:GetObject to dump nightly RDS backups from
        private bucket (no bucket ACL per IAM-AUDIT-72).
Impact: Full production customer database exfiltrated.
Remediation:
- Enforce IMDSv2 on all EC2 (IaC-SCAN-421)
- Remove rds:Describe* from ec2-app-role (IAM-AUDIT-98)
- Add allowlist to /api/v1/url-preview (SAST-7823)
- Enable bucket-policy deny-by-default on backup bucket
```
This kind of path reasoning used to be manual red-team work. AI does the first draft in seconds.
Part 4: Secure-Code Generation
Use case: engineer writes a new auth endpoint, AI produces a hardened version.
```python
# Prompt pattern (code, auth_service_signature and audit_logger_signature come from the PR under review)
prompt = f"""Review and rewrite this auth endpoint with defense
in depth. Apply:
- Input validation (FluentValidation or equivalent)
- Rate limiting hook
- Constant-time comparison for tokens
- Timing-safe equality for user lookup
- Generic error messages (don't leak which field failed)
- Security headers on response
- Audit log entry for every auth attempt
Current code:
{code}
Framework: ASP.NET Core 9
Our AuthService interface: {auth_service_signature}
Our AuditLogger interface: {audit_logger_signature}
"""
```
Opus 4.7 produces the rewrite. You then:
- Run Semgrep with the OWASP ruleset on the output.
- Add tests for the known attack patterns (timing attack, user enumeration).
- Have a second human review the crypto-adjacent code.
That triple gate makes AI-generated auth code safer than most hand-written auth code in average teams.
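An added example (not the page's own code, and in Python rather than the ASP.NET Core target) of what the rewrite and its attack-pattern tests should pin down: a weak login beside a hardened one that returns the same generic error and does the same hashing work whether or not the user exists, compares with `hmac.compare_digest`, and writes an audit entry for every attempt. The user store, salt and hash parameters are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SALT = b"constructed-salt"  # constructed; real code uses a per-user random salt and Argon2/bcrypt


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


USERS = {"alice": _hash("correct horse")}   # constructed user store
DUMMY_HASH = _hash(secrets.token_hex(16))   # unknown users cost the same work as known ones
GENERIC_ERROR = {"status": 401, "error": "Invalid credentials"}


@dataclass
class AuditLogger:
    entries: list = field(default_factory=list)

    def record(self, user: str, ok: bool, reason: str) -> None:
        self.entries.append({"user": user, "ok": ok, "reason": reason})


def login_weak(username: str, password: str) -> dict:
    """Before: distinct errors and an early return reveal which field failed."""
    if username not in USERS:
        return {"status": 404, "error": "No such user"}
    if _hash(password) != USERS[username]:   # not constant-time
        return {"status": 401, "error": "Wrong password"}
    return {"status": 200}


def login_hardened(username: str, password: str, audit: AuditLogger) -> dict:
    """After: same work, same message and an audit entry whether or not the user exists."""
    stored = USERS.get(username, DUMMY_HASH)
    # bitwise & (not `and`) so the existence check never short-circuits the comparison
    ok = hmac.compare_digest(_hash(password), stored) & (username in USERS)
    audit.record(username, ok, "ok" if ok else "bad_credentials")
    if not ok:
        return dict(GENERIC_ERROR)
    return {"status": 200,
            "headers": {"Cache-Control": "no-store", "X-Content-Type-Options": "nosniff"}}
```

The user-enumeration test is the equality of the two failure responses; the audit entries are what the "audit log every auth attempt" gate checks for.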
Part 5: IaC Scanning
Tools: Checkov, tfsec, kube-linter. Add LLM reasoning on top.
```bash
# Step 1: run mechanical scanners
checkov -d terraform/ --output json > checkov.json
tfsec terraform/ --format json > tfsec.json
# Step 2: AI triage
claude-code "Read checkov.json and tfsec.json. Group findings
by resource. For each group, explain the business impact in
one sentence, rank by exploitability given our threat model
(threat-model/summary.md), and propose a ranked fix plan."
```
Example reasoning the LLM adds:
- "Checkov CKV_AWS_20 (S3 bucket public) on logs-bucket: the bucket only stores masked logs and is behind CloudFront with signed URLs. Residual risk: Low. Skip for this sprint."
- "Checkov CKV_AWS_23 (SG allows 0.0.0.0/0 on 22) on bastion-sg: this is an emergency-only bastion, not in normal use. Recommend SSM Session Manager instead, remove bastion. Priority: P1."
Part 6: Secret Detection
Classic tools (Gitleaks, TruffleHog) flag anything matching AWS key patterns, JWT patterns, etc. AI adds context.
```bash
# Gitleaks first pass
gitleaks detect --report-format json --report-path gitleaks.json
# AI pass
python scripts/ai_secret_review.py gitleaks.json
```
```python
# scripts/ai_secret_review.py
import json
import sys
from pathlib import Path

from anthropic import Anthropic

client = Anthropic()
real_secrets = []


def get_file_context(path, line, lines_before=5, lines_after=5):
    """Lines around the match, so the model can see how the value is used."""
    lines = Path(path).read_text(errors="replace").splitlines()
    start, end = max(0, line - 1 - lines_before), min(len(lines), line + lines_after)
    return "\n".join(lines[start:end])


def block_merge(finding):
    """Record the location (never the matched value); the job exits non-zero once all findings are reviewed."""
    real_secrets.append(f"{finding['RuleID']} at {finding['File']}:{finding['StartLine']}")


findings = json.load(open(sys.argv[1] if len(sys.argv) > 1 else "gitleaks.json"))
for f in findings:
    context = get_file_context(f['File'], f['StartLine'], lines_before=5, lines_after=5)
    response = client.messages.create(
        model="claude-sonnet-4-6",  # cheaper for this volume
        max_tokens=256,
        messages=[{
            "role": "user",
            "content": f"""Is this a real secret?
Pattern matched: {f['RuleID']}
File: {f['File']}
Line: {f['StartLine']}
Match: {f['Match']}
Context:
{context}
Classify: REAL_SECRET, FALSE_POSITIVE, TEST_FIXTURE,
EXAMPLE_PLACEHOLDER, DOCUMENTATION. Return one word.""",
        }],
    )
    verdict = response.content[0].text.strip()
    if verdict == "REAL_SECRET":
        block_merge(f)

if real_secrets:
    print("Merge blocked; real secrets found at:", *real_secrets, sep="\n  ")
    sys.exit(1)
```
Typical teams see 80-95% of Gitleaks hits downgraded to FALSE_POSITIVE, TEST_FIXTURE, or EXAMPLE_PLACEHOLDER. The REAL_SECRET count drops to the ones that actually matter.
Tool Comparison
| Task | Semgrep Multimodal | Snyk + AI | Cursor + Opus 4.7 | Claude Code CLI |
|------|-------------------|-----------|-------------------|-----------------|
| SAST with LLM triage | Best | Good | Via API | Via API |
| Threat modeling | No | No | Good | Best |
| Attack-path gen | Partial | Partial | Good | Best |
| Secure code rewrite | No | Good | Best | Best |
| IaC scanning + reason | No | Good | Good | Best |
| Secret detection + reason | Via plugin | Native | Via script | Via script |
For teams on a budget, pair a free/OSS mechanical scanner (Semgrep OSS, Checkov, Gitleaks) with a scripted LLM triage layer. Cost is token-driven: roughly $0.02-0.10 per finding triaged with Opus 4.7.
India-Specific Security Concerns
- DPDPA 2023 compliance — the Indian data protection law has specific requirements for PII handling. Include DPDPA context in threat model prompts.
- Aadhaar, PAN, bank accounts — these are PII-regulated. SAST rules often miss these; add custom detectors.
- Financial regulators — SEBI, RBI have compliance mandates. For fintech, include regulator expectations in your threat-model context.
- Data residency — Indian customer data often has residency requirements. IaC scans should flag resources outside ap-south-1/ap-south-2 regions.
Tell your AI tool these in CLAUDE.md for your security repo; defaults are US/EU-centric.
Guardrails — Non-Negotiable
- No AI-generated crypto without human crypto review. Subtle bugs compound.
- No AI-auto-close on P0s. Every critical finding needs human eyes.
- Audit log everything. Which agent triaged which finding, when, with what confidence.
- Humans approve remediation PRs. Agents open PRs; humans merge.
- Red-team the AI. Occasionally feed the model known false-positive-looking real vulnerabilities to check it is not rubber-stamping.
Where to Go Next
- Claude Code Skills & Superpowers — write a custom /triage or /threat-model skill
- Cursor IDE Tutorial India — the IDE for reviewing AI security output
- MCP Servers Tutorial — expose your SAST/DAST tools to agents
- GitHub Copilot Free Setup — inline secure-code suggestions
- Enterprise AI security guardrails — org-level controls around AI in security tooling
- AI-first workflow 2026 — how AppSec fits in the broader dev loop