BOSTON, Massachusetts – September 15, 2025 – Legit Security, the leader in AI-native Application Security Posture Management (ASPM) and security for AI-led application development such as vibe coding, was named a Leader in the IDC MarketScape: Worldwide Application Security Posture Management 2025 Vendor Assessment (doc #US53001925, September 2025). We believe this recognition reinforces the value Legit delivers in helping secure AI-first pipelines by automating the discovery, prioritization and remediation of vulnerabilities and risk across complex software development environments.
In a recent study, Microsoft researchers found that 75% of developers use AI regularly. AI code assistants, vibe coding and other AI-led practices increase speed of code delivery but expose many AppSec gaps. Secrets, code changes, dependencies and vulnerabilities all become more commonplace when AI code is at work. Legit’s ASPM platform is specifically designed to support consistent AppSec initiatives and fast, automated remediation in hybrid human/AI development environments.
“For our customers, securing code and applications isn’t just a priority, it’s mission critical,” said Roni Fuchs, CEO and co-founder at Legit. “With the rise of AI-assisted development and the chaos of today’s highly fragmented ‘vibe coding’ environments, security teams face an almost impossible task to keep pace. We believe being recognized as a Leader in the IDC MarketScape for ASPM validates the depth of the Legit platform and how we empower modern engineering teams to deliver secure code at the speed of innovation.”
This first IDC MarketScape for ASPM evaluated 18 vendors. This evaluation provides a combined view of these vendors' capabilities and strategies in the ASPM market.
Legit’s AI-native ASPM and AppSec platform delivers a host of capabilities to support security for today’s AI-led development programs. Key use cases customers rely on Legit to support include:
- Unified Vulnerability Remediation: Legit’s automated, holistic vulnerability management discovers all assets across the software development lifecycle (SDLC), identifies and prioritizes security gaps and orchestrates prioritized remediation.
- Securing AI-Generated Code: Legit detects AI-generated code, ensures usage (e.g., models) adheres to corporate policy and provides assurances that complete AppSec testing occurs across the AI-powered SDLC.
- AI-Powered Remediation: With Legit, developers build and deploy faster as AI-powered remediation streamlines vulnerability discovery, prioritization and fixes.
- Secrets Detection & Prevention: Legit delivers the most accurate AI-powered secrets detection, prevention and remediation, and goes beyond source code to cover Slack, Teams, Confluence, Jira and more.
- Advanced Code Change Management: Legit provides customers deep visibility and automation for material changes across the SDLC so issues can be fixed before hitting production.
- Code Security (SAST, SCA): Legit’s SCA and SAST go beyond legacy scanning with precise reachability analysis, AI vulnerability detection and license risk enforcement.
To learn about Legit’s AI-Native ASPM platform, visit www.legitsecurity.com.
About IDC MarketScape
IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of technology suppliers can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective suppliers.
About Legit Security
The Legit Security ASPM platform is a new way to manage application security in a world of AI-first development, providing a cleaner way to manage and scale AppSec and address risks. Fast to implement, easy to use, and AI-native, Legit has an unmatched ability to discover and visualize the entire software factory attack surface, including a prioritized view of AppSec data from siloed scanning tools. As a result, organizations have the visibility, context, and automation they need to quickly find, fix, and prevent the application risk that matters most. Spend less time chasing low-risk findings, more time innovating.
Media Contact for Legit Security:
PANBlast for Legit Security