
Theori Launches Xint Code for Large-Scale AI Security Analysis

Summary

– Theori has released Xint Code, an LLM-powered SAST tool that can scan millions of lines of code and binaries in under 12 hours.
– It uses LLMs and a proprietary engine for deep, contextual analysis to identify critical vulnerabilities while dramatically reducing false positives.
– The tool addresses gaps where traditional SAST tools produce many false positives, human pen testers lack scale, and general AI assistants have context limits.
– In a case study, Xint Code identified a severe, decades-old vulnerability in PostgreSQL that other methods had missed.
– The tool provides human-level insight at machine speed, detailing how an attacker would exploit found vulnerabilities and their potential impact.

A new tool is changing how organizations protect their massive software systems from sophisticated threats. Theori has commercially launched Xint Code, an LLM-native static application security testing (SAST) platform designed to analyze millions of lines of source code, configuration files, and binaries in under twelve hours. This solution aims to bridge a critical gap in modern cybersecurity, where defenders are often overwhelmed by the sheer scale of code and the clever tactics of adversaries.

Modern attackers increasingly leverage artificial intelligence to uncover critical security weaknesses, leaving many security teams scrambling to keep pace.

Traditional SAST tools can identify known vulnerabilities but frequently generate a high volume of false alarms and unimportant findings.

On the other hand, human penetration testers possess the intuition to spot subtle, context-driven flaws—like an ecommerce system that incorrectly processes negative quantities—but they simply cannot operate at the scale of today’s enterprise codebases.

Even widely available AI coding assistants face limitations in their context windows, preventing them from comprehensively scanning and prioritizing issues across entire applications.

Xint Code addresses these three core challenges by combining large language models with a proprietary orchestration engine. It performs deep scanning and contextual analysis, examining each line of code from both a technical and business logic perspective.

This methodology drastically cuts down on false positives and enables security teams to rapidly identify, reproduce, validate, and understand the most critical, exploitable vulnerabilities.

The result is human-level analytical insight delivered at machine speed and scale.

The platform’s effectiveness was demonstrated in a recent research report. Theori detailed how Xint Code identified a severe, previously undetected vulnerability within the widely used PostgreSQL open-source database system.

This flaw, which had existed for over two decades, could allow for data theft and arbitrary code injection.

PostgreSQL is a foundational component for transactional and analytical workloads across industries like SaaS, finance, telecommunications, and government.

The report clarifies why this vulnerability evaded discovery by conventional SAST tools, human testers, and even next-generation AI solutions, highlighting a new era where both attackers and defenders can scan millions of code lines in mere hours to find critical weaknesses in legacy systems.

“Critical vulnerabilities often stay hidden because traditional scanners miss business logic flaws and manual reviews can’t scale across hundreds of millions of lines of code,” explained Andrew Wesie, CTO at Theori.

“The advent of LLMs is fundamentally altering this dynamic. What might take penetration testers weeks or months to uncover—assuming they know where to look—Xint Code can surface in hours.

“Importantly, it doesn’t just flag potential problems; it provides a clear explanation of how an attacker would trigger the exploit and outlines the potential impact.”

The key capabilities of Xint Code center on its ability to deliver precise, actionable intelligence at an unprecedented pace.

By providing context-rich analysis that mirrors expert human reasoning, it empowers application security teams to prioritize their efforts effectively and shore up defenses against the most dangerous real-world threats.

(Source: NewsAPI Cybersecurity & Enterprise)
