- Semgrep Code
  Find and fix the issues that matter in your code (SAST)
- Semgrep Supply Chain
  Find and fix reachable dependency vulnerabilities (SCA)
- Semgrep Secrets
  Find and fix hardcoded secrets with semantic analysis
- Semgrep Assistant
  Get triage and code fix recommendations from AI
- Semgrep AppSec Platform
  Automate, manage, and enforce security across your organization
- Semgrep Pro Engine
  Find more true positives and fewer false positives with dataflow analysis
- Product Updates
  Stay up to date on changes to the Semgrep platform, big and small
- Secure Vibe Coding
  Secure your code, no matter who (or what) writes it.
- Open-Source Malware Protection
  Protect against software supply chain attacks
- Static application security testing
  Increase security while accelerating development
- OWASP Top 10
  Prevent the most critical web application security risks
- Secure Guardrails
  Protect Your Code with Secure Guardrails
- Fintech
  Mitigate software supply chain risks
- SaaS & Cloud
  Increase security while accelerating development
- Docs
  Want to read all the docs? Start here
- Blog
  Get the latest news about Semgrep
- ROI Calculator
  See how Semgrep can save you time and money
- Community Slack
  Join the friendly Slack group to ask questions or share feedback
- Events
  Join us at a Semgrep Event!
- Case Studies
  See why users love Semgrep
- Video Library
  View our library of on-demand webinars
- Community Edition
- About
  The Semgrep story & values
- Careers
  Join the team!
- Partners
  Become a Semgrep partner
Pricing
Sign in
Product support
Contact us
Book demo Try for free

Semgrep events in-person

Finding Logic Flaws and Broken Auth with AI-Powered Multimodal Detection

Date March 25th, 2026

Time 12:30 - 1:30 PM PT

Location

San Francisco, CA

details

Traditional SAST catches issues like SQL injection and XSS. Some of the biggest bug bounty payouts come from logic flaws like IDOR, broken authorization, and workflow abuse because these are hard to find with traditional SAST techniques alone.

In this technical workshop, you’ll see how Semgrep’s AI-powered detection combines static analysis with LLM reasoning to uncover business logic vulnerabilities without custom rule writing.

We’ll walk through:

How hybrid AI + static analysis enumerates attack surfaces like routes and controllers
How missing role validations and data access violations are identified
Why this approach outperforms general-purpose code assistants

Run a live AI-powered scan against a sample application or your own code to review real findings, and explore AI-generated remediation guidance. You’ll leave with a practical understanding of how to detect authorization gaps before attackers do.

Please note: Spots are limited, and attendance is subject to availability. Fill out the form below and our team will be in touch to confirm your spot. We look forward to seeing you there

Speakers

Jack Moxon
Semgrep

Staff Product Manager

Erik Buchanan
Semgrep

Head of AI Engineering

Your privacy matters to us. By submitting this form, you agree to our Privacy Policy