
Accenture's Security Team Presents Scalable Application Security Solution at Black Hat
The presentation by Accenture’s security team at Black Hat details a five-year engagement with a Fortune 50 global services company to scale application security across 1,700 applications and 4,000–7,000 active developers without increasing headcount. The solution integrates AI-driven automation into the SDLC, including tools like AppNav for asset visibility, Arcbot for automated threat modeling and security requirement injection into developer backlogs, and AppSecBot for real-time vulnerability remediation via chat interfaces. Key metrics include a 90% implementation rate of security requirements, a 12x reduction in exploitable vulnerabilities, and a 95% decrease in third-party penetration test findings after one year. The system uses deterministic fixes, RAG-based AI suggestions, and vendor-agnostic scanners to propose and auto-implement fixes, creating security branches in pipelines for developer review. Automated penetration testing, leveraging open-source tools like sqlmap and JWT Tool, targets 4–4.5 million URL parameters every 2.5 months with a false-positive rate below 5%. The approach emphasizes shifting security left by embedding training and remediation directly into developer workflows, reducing friction between security and engineering teams.