On-Point Fixes: How PatientPoint Outpaced Its Own Vulnerability Backlog
When PatientPoint's leadership saw how quickly new frontier LLMs could turn stray vulnerabilities into exploits, they didn't wait around.
Faster Code, Faster Risk
Femi Oyesanya, an application security engineer at the healthcare company, started to test out the capabilities of a new leading frontier LLM. “Our CEO initiated a program where we had to remediate vulnerabilities in a very short period of time,” he says.
It was a tall order. Developers were already using AI to write and ship code faster, which meant new vulnerabilities were entering the codebase faster too. Security had more findings to review, developers had more tickets to address, and the tickets were piling up.
PatientPoint was facing the same challenge many AppSec teams are now confronting in the AI era: code is shipping faster than security can keep up. According to Checkmarx’s recent Future of Application Security report, 30% of organizations admit they ship vulnerable code and simply “hope” those vulnerabilities won’t be discovered. That gap between shipping and securing is exactly where risk builds up.
PatientPoint needed a better way to close that gap. They needed security-specific intelligence that could help them prioritize real risk, reduce false positives, and generate remediation guidance their team could review and trust.
Less Noise, More Trust
That’s where Checkmarx’s Triage Assist and Remediation Assist came in. Together, these tools helped the team identify which vulnerabilities required action and apply AI-driven fixes with confidence.
“It enhanced the process drastically,” Femi says. “It was very accurate. It identified false positives and also gave developers the opportunity for human review. It was exactly what we wanted.”
The result? Noise dropped as false positives were filtered out before they ever reached a developer’s queue. Instead of spending time sorting through low-value findings, engineers could focus on the vulnerabilities that mattered and get back to building.
Praveer Chaturvedi, Senior Director of Product Management for Agentic AI at Checkmarx, says that developer experience is exactly the point.
“I used to be a developer in my past life,” he says, describing how security work once felt like “a distraction” from shipping features.
Faster Fixes, Stronger ROI
At PatientPoint, the reception of Triage Assist and Remediation Assist was positive. “One developer said, ‘Thank you. This is very useful,'” Femi recalls.
Just as important: the economics worked. Comparing token costs against other tools, the team found Checkmarx offered competitive pricing without sacrificing accuracy – giving PatientPoint a stronger return on its growing investment in AI-assisted development and security.
As Praveer puts it, the mission is bigger than one customer moving through their backlog. It’s about helping organizations use AI to find and fix vulnerabilities at the same pace, whether they’re brand new or years deep in the backlog. No more choosing between putting out today’s fires and finally clearing yesterday’s.
“AI has a role to play across all interaction points in the software development lifecycle,” Praveer says. “Triage and remediation are just the start. We’re bringing that same agentic help into the IDE, so developers spend less time on security and more time building.”
“It was very accurate. It identified false positives and gave developers the opportunity for human review. It was exactly what we wanted.”