Securitron: The AI engine that thinks like a security expert.

Most security scanners generate noise. Securitron is the AI engine that turns 2,000 raw findings into 30 real ones — trained on 300 million open-source projects and continuously improving with every scan.

What is Securitron?

Securitron is AquilaX's proprietary application security AI model — the intelligence layer that orchestrates all 32 security scanners and makes sense of their output. Where traditional scanners dump hundreds of findings and leave teams to sort them out, Securitron acts as the expert security engineer who reads every finding, understands the context, and tells you what actually matters.

What Securitron is not
Securitron is not a wrapper around GPT. It is a purpose-built security AI model — trained exclusively on real-world vulnerability data, triage feedback, and remediation outcomes from 300M+ open-source projects.

The result is an AI that understands security — not just language. It knows the difference between a SQL injection that is actually exploitable and one that is behind three layers of parameterised sanitisation. It knows that your framework's ORM already escapes that query. And it generates the fix that works for your specific codebase, not a generic code snippet copied from Stack Overflow.

Training Data

Securitron was trained on a dataset built specifically for application security — not general-purpose text or code. The training corpus includes:

  • Over 300 million open-source projects with their source code and identified vulnerabilities.
  • CVE-labelled data from the National Vulnerability Database, GHSA, and OSV.
  • Triage feedback from leading cybersecurity engineers at global financial institutions.
  • Labels: False Positive, False Negative, True Positive, True Negative, Undefined.

300M+ Training Projects · 57B+ Code Lines Processed · 93.54% FP Elimination Rate

This is not a general-purpose code model fine-tuned on a few thousand CVEs. It is a model built from the ground up with security triage as the primary objective — trained to distinguish real exploitability from pattern-match noise.

Core Capabilities

Securitron provides four integrated capabilities that work together across every scan.

Vulnerability Triage

Securitron reads every raw finding from every scanner and classifies it: confirmed (true positive), unconfirmed, false positive, or informational. Severity is re-ranked based on exploitability in your specific codebase, not generic CVSS scores alone.

False Positive Elimination

Securitron's core function. By understanding the data flow, sanitisation logic, and framework conventions in your codebase, it eliminates findings that pattern-matching scanners would flag but that cannot actually be exploited. Average elimination rate: 93.54%.

Fix Patch Generation

For confirmed findings, Securitron generates context-aware code patches. These are not generic "use parameterised queries" suggestions — they are actual code changes that fix the specific vulnerability in your specific codebase, submitted as pull requests.

Continuous Learning

Each triage action performed by a security engineer is fed back into Securitron's training loop. Over time, the model becomes increasingly accurate for your specific codebase, team patterns, and framework choices. Ultimate licence users benefit from a custom model trained exclusively on their data.

The Chat Interface

Securitron is accessible via both API and a built-in chat UI. Developers and security engineers can query findings in natural language: "Why is this a false positive?", "How do I fix this SQL injection?", "Which findings should I fix first?".

The chat component provides contextual explanations, mitigation strategies, and links to relevant documentation — without leaving the AquilaX dashboard. No context-switching between tools. No copying and pasting findings into a separate chat window.

For organisations that need to integrate Securitron's intelligence into their own workflows — ticketing systems, Slack, custom dashboards — the API provides the same triage, explanation, and fix generation capabilities programmatically.

How It Learns

Securitron is not a static model. Every verified triage action — whether confirming a true positive or marking a false positive — is captured and used to fine-tune the model. This creates a virtuous loop: the more you use AquilaX, the smarter Securitron becomes at understanding your codebase.

Ultimate licence users receive a model trained exclusively on their organisation's data, achieving false positive rates significantly below the platform average. The model learns your framework, your team's coding patterns, your sanitisation conventions — and stops flagging the things that are never real vulnerabilities in your context.

See Securitron in action.

Securitron runs on every AquilaX scan — across all 32 scanners, all languages, all environments. Connect your repository and see what 300 million open-source projects of training data looks like in practice.
