Founders are sprinting on AI—attackers are too. Traditional security tools drown teams in alerts and miss the real threats.
In this episode, Almanax founder & CEO Francesco Piccoli breaks down AI-native application security: how LLMs detect logic bugs legacy scanners miss, cut up to 90% of noise, and triage vulnerabilities at the pace you ship. We cover where “shift-left” falls short, how to operationalize low-friction code scanning in GitHub, and what legal/compliance leaders expect before they’ll sign your deal.
If you’re building or buying AI-accelerated software as a founder, CTO, or security lead, this is the playbook.
chapter titles
00:00 AI-Native Security: Why It Matters Now
01:19 Francesco’s Path to AppSec
05:26 Why Legacy Tools Miss Real Bugs
10:48 The Cat-and-Mouse Reality of Cyber
15:46 Legal & Compliance: What Founders Owe
20:34 Founder Best Practices (Week-1 Checklist)
28:46 Cutting 90% of Alert Noise
36:32 Making Security Usable for Devs
39:45 When Breaches Happen: First Calls
41:53 Wrap-Up
Francesco Piccoli
Founder and CEO of Almanax, joins us to unpack how his team is building AI-native systems to catch 5x more bugs while cutting 90% of the noise. We talk about the future of application security, why shift-left isn’t enough anymore, and how triaging vulnerabilities at scale requires a new kind of intelligence.
Who should listen
Seed–Series B founders shipping fast on AI-native stacks
Eng leaders drowning in SAST/DAST false positives
Security & compliance owners prepping for SOC 2 / ISO 27001
Music Credit:
“Neptuno” - Phondupe (Album: Onykia)
Access All Areas.
Subscribe: Substack
Community & Events: Founders Circle
Connect: LinkedIn
Web: startupsdecoded.com
