HeadlinesBriefing.com

Aikido launches AI‑powered Code Audit to catch hidden bugs

Hacker News

Aikido has launched Code Audit, a tool that bridges static application security testing (SAST) and manual penetration testing. By reasoning over static code, it uncovers multi‑step, intent‑driven flaws that traditional scanners miss. The service arrives after Anthropic’s Claude Fable 5 jailbreak highlighted how AI can automate exploit chaining, prompting vendors to turn the same models to defensive use for enterprises.

Code Audit does not replace existing SAST engines or pentests; instead it runs on your repositories and applies pentest‑grade reasoning. It follows references across files, surfaces chains such as a three‑file IDOR, and supplies root‑cause explanations together with an auto‑generated pull request. Early adopters report a median of about 25 findings per codebase, with 70‑80% of pentest coverage at roughly one‑tenth the cost.
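The three‑file IDOR chain mentioned above, as an added illustration that is neither Aikido's code nor part of the article: the repository, service and handler "files" are collapsed into one Python module with constructed sample data, and each layer looks correct on its own; the missing ownership check is only visible when the call chain is followed across all three.

```python
# Added illustration (not Aikido's code): a three-file IDOR chain, flattened into
# one module. Each "file" below passes a local review; the flaw is cross-file.
from dataclasses import dataclass
from typing import Callable, Optional

# --- "file 1": repository layer. Constructed sample data, not real records. ---
INVOICES = {101: {"owner": "alice", "total": 40}, 102: {"owner": "bob", "total": 99}}

def find_invoice(invoice_id: int) -> Optional[dict]:
    # Plain lookup by id; a repository is not expected to know the caller.
    return INVOICES.get(invoice_id)

# --- "file 2": service layer ---
def get_invoice_for_display(invoice_id: int) -> dict:
    # Looks fine in isolation: validates existence, but never asks who is asking.
    inv = find_invoice(invoice_id)
    if inv is None:
        raise KeyError("no such invoice")
    return inv

def get_invoice_for_user(invoice_id: int, user: str) -> dict:
    # Hardened variant: ownership is checked where the object is resolved, and
    # "missing" and "not yours" return the same error so ids cannot be enumerated.
    inv = find_invoice(invoice_id)
    if inv is None or inv["owner"] != user:
        raise PermissionError("not found")
    return inv

# --- "file 3": HTTP handler ---
@dataclass
class Request:
    user: str          # authenticated principal (set by auth middleware)
    invoice_id: int    # path parameter, fully under the client's control

def vulnerable_handler(req: Request) -> dict:
    # Authenticated, so a per-file scanner sees nothing wrong here either;
    # authorization simply never happens anywhere along the chain.
    return get_invoice_for_display(req.invoice_id)

def fixed_handler(req: Request) -> dict:
    # The one-line fix: thread the principal through to the ownership check.
    return get_invoice_for_user(req.invoice_id, req.user)

def is_denied(handler: Callable[[Request], dict], req: Request) -> bool:
    # True when the handler refuses the request (useful for a regression test).
    try:
        handler(req)
        return False
    except PermissionError:
        return True
```

A single-file SAST rule sees an authenticated handler, a service that checks existence, and a repository that queries by key, and flags none of them; the defect is that `req.user` never reaches `find_invoice`.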

Because the analysis works purely on source, it handles mobile binaries, smart contracts, and legacy languages lacking robust SAST rules. Audits finish in minutes, scaling with repository size, and require no staging environment or credential setup. Users can launch a scan from the Aikido dashboard, estimate credit usage, and receive an immediate report, which in practice moves vulnerability discovery into the pre‑release window.