Legit Security Upgrades AI Security Command Center for Code Risk Management
Legit Security, a leader in secure AI development, announced a major update to its AI Security Command Center on September 29, 2025, designed to address escalating security risks associated with AI-generated code in software development. The platform delivers the most comprehensive view of AI model usage across the software development lifecycle (SDLC), including visibility into AI-generated code, AI models, and MCP servers while identifying associated vulnerabilities.
The announcement comes amid rapid adoption of AI coding assistants like GitHub Copilot and Cursor, which accelerate development but introduce significant security risks. As Legit VP of Product Yoav Stahl noted, "2025 has brought a massive shift in the way developers code. AI tools have made it faster for application teams to deliver, but it has also increased many companies' security risk levels." Security teams increasingly report lacking visibility into AI-generated code risks, creating a critical AppSec gap.
The upgraded Command Center features four core capabilities: complete visibility into AI usage patterns, detection of unauthorized or low-reputation AI models, real-time monitoring of AI-related risks including "riskiest AI secrets," and team- and application-level risk metrics. The system tracks newly introduced AI components, monitors frequently used models, and enriches visibility with each model's reputation context. Crucially, it identifies when engineers bypass security policies to use unapproved AI tools, even when attempting to circumvent corporate controls.
Security teams gain the ability to pinpoint which development teams introduce the most AI security issues through an "AI heat map," enabling targeted training and support. The platform also provides historical risk tracking, allowing security leaders to measure changes in AI risk posture over time and compare security postures across applications. This addresses a key challenge highlighted in the Latio 2026 Application Security Market Report, which noted that 97% of organizations lack proper AI access controls despite 13% experiencing AI-related security incidents.
Legit's approach aligns with industry recognition of the convergence between AI-first development and application security management. The company was named "AI Code Innovator in AppSec" by Latio for its VibeGuard offering, which secures AI code generation tools against prompt injection attacks and enforces security standards on AI-generated code. As Legit CTO Liav Caspi states, "from prompt to cloud" represents the full scope of security required in AI-assisted development.
The Command Center's release reflects a broader industry shift toward integrated security for hybrid development environments where AI-generated code coexists with legacy code and open-source components. By providing context-aware risk metrics rather than merely alerting to vulnerabilities, Legit aims to move beyond traditional security approaches that "only give alerts and better correlation" without addressing the core issue of context and decision-making in AI-assisted development.
For organizations implementing AI in development, the Command Center offers a structured approach to governance that avoids treating AI as a standalone tool. As Stahl emphasized, the platform "fills a very important AppSec gap" by enabling security teams to "understand risk over time" rather than reacting to isolated incidents. This represents a significant evolution from traditional AppSec practices that were not designed for AI-generated code workflows.
The official announcement positions Legit's solution as essential for enterprises navigating the transition to AI-first development, where security must be embedded throughout the development process rather than applied as an afterthought.
Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn
Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt
Comments