AI Triage Result
Did the AI confirm this finding as a real vulnerability, or did it flag it as a likely false positive?
AI Triage Result is a SAST prioritization stage based on the verdict produced by AI Triage. It separates AI-confirmed findings from likely false positives and from issues the AI could not classify with confidence, so teams can focus on what matters first.
Values for AI Triage Result
Potential True Positive: The AI is confident the finding is a real vulnerability based on the code context. These issues should advance through the funnel for further prioritization.
Potential False Positive: The AI is confident the finding is not a real vulnerability; for example, the data is sanitized, the path is unreachable, or the rule does not apply. These issues are hidden by default in the funnel so they do not add noise.
Needs Review: The AI did not have enough context to reach a confident conclusion. A human reviewer should inspect the issue.
Not Calculated: AI Triage has not been executed for the issue, or the triage attempt failed. The issue has not yet received a verdict.
Default behavior in the SAST funnel
In the default SAST prioritization funnel, the AI Triage Result stage shows:
Potential True Positive
Needs Review
Not Calculated
Potential False Positive is hidden by default so AI-confirmed false positives are filtered out of the active backlog. They remain visible if you explicitly include the value in the funnel.
AI Triage Result is part of the default SAST funnel and is also available as a filter on the DAST funnel. The SCA funnel does not use this stage because AI Triage does not produce a verdict for SCA findings — false-positive detection for SCA is handled by Reachability.
The verdict reflects an AI assessment, not a definitive judgment. Do not permanently mute issues based on a Potential False Positive verdict alone — the issue slide-out exposes the AI reasoning so a human reviewer can confirm before acting.

