January 16, 2025

How AI and LLMs Will Shape AppSec in 2025

4 Predictions for AppSec in 2025

By Ken Johnson and Seth Law

In this joint blog from Seth Law at Redpoint Security and Ken Johnson at DryRun Security, we highlight how 2025 will be a pivotal year for large language models (LLMs) in AppSec. Building on the momentum of 2024, LLMs are moving from novelty to necessity, enabling deeper code analysis, automating security workflows, and providing real-time developer assistance. Organizations that adopt AI-driven AppSec will find and fix vulnerabilities faster, freeing security teams to focus on high-value tasks—and ultimately ship more secure code.

It’s no secret that artificial intelligence (AI)—particularly large language models (LLMs)—has taken the tech world by storm. While 2024 saw significant strides in how security practitioners applied AI to scanning and development workflows, 2025 looks poised to be even more transformative. Below are a few key predictions on how AI will influence application security (AppSec) and why you should pay attention.

1. AppSec Will Fully Embrace LLMs

A year or so ago, discussions about AI’s relevance in AppSec ranged from mild curiosity to outright skepticism. But that has largely disappeared. Now, more and more AppSec professionals see how LLMs can automate tedious processes and supplement expert-driven reviews. In 2025, we’ll see:

Shifting from “Is AI worth it?” to “Where can we apply AI next?”
Rather than questioning whether LLMs have a place, AppSec teams will begin embedding AI-driven tools wherever they can bring tangible benefits—such as pulling in threat data, analyzing code changes, and generating automated patch suggestions.

A rethinking of traditional security approaches
LLMs excel at contextual understanding, especially as context windows grow larger and models become “agentic,” meaning they can iterate through multiple steps or queries. Security teams will rethink processes (like threat modeling) that used to be manual, consolidating them into fluid, AI-backed workflows.

2. More Nuanced, Context-Rich Analysis

One of the historical pain points with AI-based code analysis was context window length. If an LLM or AI agent couldn’t handle your entire codebase all at once, you ended up with either incomplete or inaccurate results. In 2025:

Long Context Windows and Agentic AI Will Be the Norm
When an LLM can “remember” and analyze vast portions of your code, it becomes far more capable of spotting both common and niche vulnerabilities. Agentic AI effectively chains tasks, learns from each query, and can refine results over time.

Security Practitioners Will Rely on AI to Get Deeper Insights
Manual techniques like static analysis or searching for known vulnerabilities will be augmented by LLMs that can correlate multiple parts of a project. Rather than triaging individual findings, developers and AppSec engineers will benefit from LLMs that surface complex vulnerability chains or logic flaws hidden deep in the code.

3. The Rise of “Agentic” Security Orchestration

Security platforms have long offered drag-and-drop workflows for event handling. Tools like Tines provide no-code automation for everything from creating Jira tickets to sending out alerts. As LLMs become more powerful:

AI-Driven Orchestration Tools Will Emerge
Imagine chaining multiple specialized AI “agents” together, where one agent monitors new CVE data while another checks your repositories for vulnerable dependencies. A third agent might spin up automated proof-of-concept exploits if it suspects an issue. This isn’t far off—several startups and open-source tools are already heading in that direction.

Developers Get Security Assistance Without Leaving Their IDE
By 2025, many dev environments will likely come with built-in AI “assistants” that can provide context-specific security advice in real time. We’ll see a blending of DevOps, security automation, and AI, helping dev teams ship secure code faster.

4. 2025: A Pivotal Year for AI-Driven AppSec

Above all, there’s a sense of optimism and excitement in the air. If 2024 was the year LLMs finally got a foot in the door, 2025 is when they’ll take center stage.

Innovation Explosion
As more companies see tangible ROI—like fewer vulnerabilities making it to production, or significant time savings in code reviews—expect a new wave of startups and product features. We’ll likely see everything from AI-based threat modeling to continuous compliance checks that happen entirely behind the scenes.

A Culture Shift
Security teams will have less manual busywork and more time to focus on high-value tasks: deeper analysis, custom threat research, and meaningful engagement with developers. Once seen as a “bolt-on” solution, AI tools will become an integral part of the AppSec culture.

Conclusion

Put simply, 2025 will be the year we stop treating LLMs and agentic AI as experiments and start embracing them as must-have elements of our security strategy. From deeply contextual analyses of codebases to automated orchestrations of AppSec workflows, these tools will reshape how we plan, develop, and protect software.

The only question left is: How will you use them?

Now’s the perfect time to evaluate your current security processes, pinpoint your biggest bottlenecks, and consider how AI can help you solve them in novel ways. The creative possibilities are endless—and as the technology continues to mature, the companies that adopt intelligent AI workflows will be the ones setting the pace in AppSec.

Watch these recorded webinars with Ken Johnson for some overarching lessons learned and successes with LLMs in AppSec and a workshop walking you through how to use LLMs to detect specific issues:

From Lessons Learned to Success: Leveraging LLMs in AppSec

Hands-On with AI: Using LLMs to Detect IDOR and Auth Flaws

If you’d like some help right now with a tool that’s already providing code insights like never before, schedule some time with us and we’ll show you how you can get started.
