DEVOPSdigest

Backslash Security(link is external) announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.

App Graph has been a key driver of the company’s substantial momentum in the past twelve months, quadrupling its revenue and increasing its customer base by 150%.

The Backslash approach is a direct response to the rapid evolution of software development. Today, between 70% and 90%(link is external) of any given software codebase is comprised of open-source components, while AI-powered coding tools are now generating code at an unprecedented scale and pace. As a result, AppSec teams struggle with legacy SAST and SCA tools designed for older, slower eras of code development. To address these pervasive issues, the Backslash App Graph accurately identifies real-world threats by creating a comprehensive model across the code environment, including both open-source and first-party code. It is a foundational technology that does not rely on third-party open source tools for scanning, nor does it require agents that complicate deployment.

“AI-generated and open-source code have created a Wild West of unprecedented risk, while security teams are stuck with tools designed to tackle yesterday’s problems,” said Shahar Man, CEO and co-founder, Backslash Security. “Application security is at a crossroads, and Backslash is flipping the paradigm with our foundational, digital twin-powered modeling that enables security teams to quickly visualize the issues in their code, understand their impact, and focus on real-world risks – no matter whether they were created by humans or AI.”

“Backslash’s App Graph is an integral part of our AppSec program, helping us prioritize remediation efforts with reachability assessments for dependencies,” said Guy Havusha, VP Security, CISO at monday.com. “It also provides a package upgrade simulator and automatic repository detection, enabling us to maintain our accelerated application delivery pace.”

In contrast to legacy tools, Backslash does not take a line-by-line approach to code analysis, but instead maps the application onto a multi-dimensional App Graph that exposes the connectivity between components of the application. The Backslash App Graph dramatically reduces time to research and remediate vulnerabilities, enabled by several unique capabilities:

■ Triggerability™ analysis, which identifies vulnerabilities that are both reachable and exploitable in non-theoretical, real-world execution.

■ Business Process Impact Analysis, which uses an LLM-driven engine that classifies vulnerabilities according to how they affect business processes – such as shopping cart checkout or user data ingestion.

■ Phantom Package Detection, which uncovers packages that are being used but have not been declared in the manifest file.

■ Predictive Upgrade Simulation, which provides the predicted risk footprint of each fix option, allowing developers to understand in advance the best course of action.

To see Backslash App Graph in action, schedule a demo(link is external), or meet the Backslash team at booth ESE-52 at the 2025 RSA Conference in San Francisco from April 28 - May 1, 2025.