One of the main challenges we face is that we see so many vulnerabilities, and a lot of them are false positives that come from all this automated tooling. If we can leverage something like GenAI to understand the business context and the risk of each product, we could easily and automatically get rid of false positives or misclassified severities. This would not only shorten the list but also help improve our partnership with developers, who would prefer fewer, more meaningful vulnerabilities to address.

Renan Dias
Security Engineering Manager, VTS