New infosec products of the week: December 19, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Apiiro, Astra Security, Push Security, Trellix, and XM Cyber.
Apiiro unveils AI SAST built on deep code analysis to eliminate false positives
Apiiro introduced Apiiro AI SAST, a new approach to static application security testing (SAST) that automates code risk detection, validation and fixes with the precision and cognitive process of an expert application security engineer. Grounded in Apiiro’s patented Deep Code Analysis (DCA), Apiiro AI-SAST combines call flow, data flow and reachability analysis with AI reasoning to eliminate false positives, validate exploitable risks, and fix true business risks.
Astra introduces offensive-grade cloud vulnerability scanner to cut noise and prove risk
Astra’s Cloud Vulnerability Scanner provides a continuous view of cloud posture and verifies the impact of each finding through offensive-grade testing. This gives security and DevOps teams validated insight into actual risks that reflect exploit paths.
Push Security detects and blocks malicious copy-and-paste activity
Push Security announced the release of a new feature designed to tackle one of the fastest-growing cyber threats: ClickFix-style attacks. The company’s latest innovation, malicious copy-and-paste detection, blocks users from copying malicious scripts in their web browser, preventing them from being run on machines, and cutting off attackers at the earliest opportunity.
Trellix advances NDR to close the OT-IT threat detection-to-response gap
Trellix announced Trellix NDR innovations, strengthening OT-IT security with integrated visibility across complex environments, enhanced detection capabilities, and automated investigation and response to reduce the threat detection-to-response gap. Trellix NDR provides deep behavioral detections, threat prioritizations, and visibility across East-West and North-South network traffic.
XM Cyber bridges external attack surface management with validated internal attack paths
XM Cyber announced an update to its platform that connects External Attack Surface Management with internal risk validation, closing the gap between what’s exposed outside and what exists inside. These enhancements provide a seamless, end-to-end approach, using validated exploitable attack paths.
