From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation
Adrián Puente Z.
BSidesSF 2026 · Day 2 · AMC Theatre 10
In this insightful talk at BSidesSF, Adrián Puente Z., a Principal Security Engineer at Remountley, presented a compelling framework for transforming the often-frustrating experience of Static Application Security Testing (SAST) into a harmonious and effective security program. Titled "From Noise to Notes," the presentation tackles the overwhelming false positives and developer friction that plague many SAST implementations, and offers a practical, AI-driven remediation strategy. The core of the approach is integrating security practices deeply into developer workflows, prioritizing findings by business risk, and using artificial intelligence to automate and accelerate remediation.
AI review
Competent practitioner talk on a real problem — SAST noise and developer friction — with honest metrics and a sensible workflow. The AI remediation angle is dressed up more dramatically than the underlying technique warrants, and nothing here would surprise an experienced AppSec engineer, but it's a legitimate war story with transferable lessons for teams earlier in their SAST maturity.