# AquilaX — AI-Powered Application Security Platform # llms.txt · aquilax.ai · Last updated: 2026-05-18 # Standard: https://llmstxt.org > AquilaX is an AI-powered application security platform that runs 32 parallel security scanners — SAST, SCA, DAST, Secrets, PII, Container, IaC, API Security, Malware, Vibe Code, Compliance, and Securitron AI — with 93.54% false positive elimination. Scans complete in under 60 seconds. Built for DevSecOps teams. Registered in England & Wales (Company No. 15332758). ## Platform - [Home](https://aquilax.ai/): Main landing page with full platform overview, live scan demo, pricing, and team information. - [All Scanners](https://aquilax.ai/scanners): Complete catalogue of all 32 security engines — 12 scanner types with technical capability matrix, coverage by attack surface, and the unified pipeline architecture. - [Products](https://aquilax.ai/products): Full product suite overview including SAST, SCA, DAST, Container, IaC, API Security, Malware, Vibe Code, Securitron AI, CSPM, and Compliance. - [Securitron AI](https://aquilax.ai/securitron): AquilaX's proprietary AI orchestration engine. Trained on 300M+ open-source projects. Eliminates 93.54% of false positives. Generates context-aware fix patches and opens automated PRs. - [Security Rating](https://aquilax.ai/products-and-services/security-rating): How AquilaX calculates a single numerical score (0–100) per repository. Starts at 100; deductions for findings by severity, codebase size, and scanner configuration. - [Compliance](https://aquilax.ai/compliance): Automated compliance evidence generation for ISO 27001, SOC 2, PCI DSS, NIST 800-53, DORA, NIS2, and OWASP Top 10. - [Analytics](https://aquilax.ai/analytics): Platform analytics and security trend reporting. - [AI Auto-Remediation](https://aquilax.ai/remediation): AI-powered vulnerability auto-fix — Securitron generates secure patches and opens pull requests automatically on GitHub, GitLab, and Bitbucket. - [Integrations](https://aquilax.ai/integrations): Native integrations with GitHub, GitLab, Bitbucket, Azure DevOps, JIRA, VS Code, JetBrains, Slack, and 30+ CI/CD tools. - [CSPM — Cloud Security Posture Management](https://aquilax.ai/cspm): Add-on license extending AquilaX Ultimate into live cloud environments. Covers AWS, Azure, GCP, and Kubernetes with 9+ compliance frameworks, IAM privilege escalation analysis, eBPF runtime threat detection, and policy-driven auto-remediation. ## MCP Server (Model Context Protocol) - [AquilaX MCP Server](https://aquilax.ai/mcp): Hosted Model Context Protocol server at `https://mcp.aquilax.ai/mcp`. Connect Claude Desktop, Claude Code, Cursor, Windsurf, VS Code Copilot, OpenAI Codex, Continue.dev, or Zed to AquilaX. Provides 7 MCP tools: `scan_code`, `get_findings`, `fix_vulnerability`, `get_scan_status`, `list_projects`, `get_project_summary`, `list_scanners`. Authentication via HTTP headers (`X-AX-Key`, `X-AX-Org`, `X-AX-Group`). No installation required — zero-config, hosted, free to connect. ## Scanners - [SAST](https://aquilax.ai/sast): Static Application Security Testing. Taint analysis across 17+ languages. Detects SQL injection, XSS, SSRF, command injection, deserialization, and 500+ vulnerability types. Premium plan. - [SCA](https://aquilax.ai/sca): Software Composition Analysis. Open-source CVEs, transitive dependencies, licence violations, malicious packages. CVE/GHSA/OSV databases. Premium plan. - [DAST](https://aquilax.ai/dast): Dynamic Application Security Testing. Runtime probing of live applications and APIs. XSS, CSRF, broken auth, SSRF, API injection. Premium plan. - [Secrets Scanner](https://aquilax.ai/secrets): Detects API keys, tokens, passwords, SSH keys, cloud credentials, JWTs across entire git history. Includes entropy-based detection. Free plan. - [PII Detection](https://aquilax.ai/pii): Finds personally identifiable information in source code and config. Covers GDPR, HIPAA, CCPA. 40+ PII categories. Free plan. - [Container Security](https://aquilax.ai/container): Docker image CVEs, Kubernetes RBAC misconfigurations, CIS Benchmark, privilege escalation, exposed ports. Premium plan. - [IaC Scanner](https://aquilax.ai/iac): Infrastructure-as-Code analysis for Terraform, Helm, Ansible, CloudFormation, Pulumi. CIS AWS/Azure/GCP benchmarks. Premium plan. - [API Security](https://aquilax.ai/api): OpenAPI/Swagger scanning. BOLA, mass assignment, excessive data exposure, missing rate limits. OWASP API Top 10. Premium plan. - [Malware Scanner](https://aquilax.ai/malware): Backdoors, trojans, obfuscated scripts, cryptominers, supply-chain injections. MITRE ATT&CK mapping. Ultimate plan. - [Vibe Code Scanner](https://aquilax.ai/vibe): Purpose-built scanner for LLM-generated code (Copilot, Cursor, ChatGPT). Detects hallucinated patterns and insecure defaults. Ultimate plan. - [CSPM](https://aquilax.ai/cspm): Cloud Security Posture Management. AWS, Azure, GCP, Kubernetes. IAM escalation paths, drift detection, eBPF runtime threat detection. Add-on to Ultimate plan. ## Why AquilaX - [Self-Learning AI](https://aquilax.ai/why/self-learning-ai): How Securitron trains continuously on each organisation's triage feedback to reach near-zero false positive rates. - [False Positive Elimination](https://aquilax.ai/why/false-positive-elimination): 93.54% FP elimination methodology — taint analysis, AI context scoring, per-customer model. - [60-Second Scans](https://aquilax.ai/why/60-second-scans): Architecture behind running 32 parallel scanners in under 60 seconds. - [Auto-Fix](https://aquilax.ai/why/auto-fix): AI-generated patch generation and automated pull request workflow. - [One Platform](https://aquilax.ai/why/one-platform): Why consolidating SAST, SCA, DAST, Container, IaC, API, Malware, Secrets, PII, Compliance in one platform beats point tools. - [Truly Free](https://aquilax.ai/why/truly-free): The Free plan — no credit card, unlimited scans, no expiry. - [Deploy Anywhere](https://aquilax.ai/why/deploy-anywhere): SaaS, single-tenant cloud, or full on-premises Kubernetes deployment. ## Competitor Comparisons - [AquilaX vs Snyk](https://aquilax.ai/vs/snyk): Head-to-head comparison — scanner coverage, AI FP elimination, pricing, on-premises support. - [AquilaX vs SonarQube](https://aquilax.ai/vs/sonarqube): Comparison on SAST depth, secrets scanning, AI triage, and deployment flexibility. - [AquilaX vs Semgrep](https://aquilax.ai/vs/semgrep): Comparison on rule quality, false positive rate, AI remediation, and multi-scanner coverage. - [AquilaX vs Checkmarx](https://aquilax.ai/vs/checkmarx): Enterprise AppSec comparison — pricing, deployment, AI capabilities, compliance coverage. ## User Manual - [Install AquilaX On-Premises](https://aquilax.ai/install-aquilax): Full self-hosted installation guide. Three VMs: Server (8 vCPU/16GB), Worker (12 vCPU/32GB), AI (32 vCPU or 4× GPU/32GB). Docker Compose, MongoDB 8, HAProxy, Keycloak, llama.cpp with Qwen3-4B-GGUF. - [Scanning Setup Guide](https://aquilax.ai/scanning-setup-guide): 8-step operational guide. Group organisation, JSON security policy configuration, CI/CD integration (GitHub/GitLab/Bitbucket/JIRA), scheduled scans, findings review, and report monitoring. ## Success Cases - [RemoteEngine Case Study](https://aquilax.ai/products-and-services/success-cases/remoteengine): Global AI-driven hiring platform. AquilaX reduced vulnerability remediation time by 80%, eliminated manual security reviews from CI/CD, and automated GDPR/ISO 27001/SOC 2 compliance reporting. - [Almotech Case Study](https://aquilax.ai/products-and-services/success-cases/almotech-fast-track-to-secure-software): European software house (15+ engineers). From purchase decision to first scan in under 24 hours. 35%+ false positive reduction from day one. Zero workflow disruption. ## Blog & Thought Leadership - [Blog](https://aquilax.ai/blog): AquilaX security research blog — 180+ articles covering AppSec, DevSecOps, AI security, vulnerability research, and compliance. - [Securitron AI](https://aquilax.ai/blog/aquilax-securitron): Deep dive into the Securitron AI engine. Training data (300M+ projects), classification labels, false positive elimination, fix patch generation, chat interface, and continuous learning loop. - [Building Superhumans](https://aquilax.ai/blog/building-superhumans): Thought leadership on AI replacing human security review at scale. The "Superhumans in Jars" concept — AI that operates 24/7 without fatigue, salary, or knowledge gaps. - [ASPM: What It Really Means](https://aquilax.ai/blog/aspm): Opinion piece on why "ASPM" is an overused label. What true Application Security Posture Management requires vs. what most vendors actually deliver. AquilaX's transparent rejection of the label. - [CSPM: Cloud Security Posture Management](https://aquilax.ai/cspm): In-depth explanation of CSPM capabilities, cloud account coverage, IAM risk analysis, and eBPF runtime detection. ## Company - [About](https://aquilax.ai/about): AquilaX company story, mission, founding team, values, and technology stack. - [Careers](https://aquilax.ai/careers): Open roles at AquilaX — security engineering, AI/ML, frontend, DevSecOps, security research, and sales. Remote-first. 6 open positions. - [Customers](https://aquilax.ai/customers): Customer stories and organisations secured by AquilaX. - [Industries](https://aquilax.ai/industries): AquilaX by industry — fintech, healthcare, e-commerce, SaaS, government. - [Trust Center](https://aquilax.ai/trust-center): Security posture, certifications, data handling, and compliance commitments. - [Investor Relations](https://aquilax.ai/investor-relations): Market opportunity ($20B AppSec, 20%+ CAGR), founding team pedigree (former Head of AppSec at Revolut & Goldman Sachs), $440K+ total capital, NVIDIA Inception, Microsoft for Startups, NatWest and DiSH Barclays accelerators. - [Contact](https://aquilax.ai/contact): Sales, support, and partnership enquiries. - [Legal](https://aquilax.ai/legal): Terms & Conditions, Privacy Policy, Cookie Policy, EULA, Acceptable Use Policy. Governing law: England & Wales. AquilaX LTD, 124 City Road, London EC1V 2NX. ## Pricing - [Pricing](https://aquilax.ai/pricing): Full pricing page with feature comparison table and FAQ. - Free: Secrets scanning, PII detection, compliance reports — unlimited scans, no credit card required. - Premium ($19/mo per organisation): Adds SAST, SCA, DAST, Container, IaC, API Security — 7 scan engines total. - Ultimate ($99/mo per organisation): Adds Malware, Vibe Code, Securitron AI, custom model training, auto-fix PRs. 14-day free trial. - CSPM: Add-on license for Ultimate subscribers. Priced per connected cloud account or Kubernetes cluster. Annual commitment. - Enterprise: On-premises deployment, dedicated support, custom SLA. Contact admin[@]aquilax.ai. ## External Resources - [Documentation](https://docs.aquilax.ai): Full product documentation and API reference. - [API Reference](https://developers.aquilax.ai/api-reference/start): REST API for CI/CD integration and automation. - [GitHub](https://github.com/AquilaX-AI): Open-source contributions and integrations. - [HuggingFace](https://huggingface.co/AquilaX-AI): Published AI models. - [Status](https://status.aquilax.ai): Live service status page. - [Changelog](https://aquilax.featurebase.app/changelog): Release notes and product updates.