Prior to Veracode, we used to deploy our apps, and it used to be an expensive process to fix the bugs and all the potential vulnerabilities after deployment. Now, we have access to AI. It has AI tools, which have been trained with lot of data sets. It helps us to detect bugs and fix them.

They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time, yet. We'll see.

Veracode Fix has affected our time to remediate security flaws in cases where we've been able to use it correctly because the proposals were on point, and it's been great. We've seen that in the same sprint that we were developing the features, now those features are implemented without any technical security debt.

We just got the Veracode Fix feature, but we need to understand it more deeply to know if it just performs code fixes or handles dependencies as well. Can it arrange or adjust my versions to make sure that the library that I'm using does not have any vulnerabilities? We have not enabled AI-generated fixes because we need to try it out and see how it performs, especially concerning human intervention in auto-upgrading or automatic patching in production.