Synapse Lets AI Flag False Positives, Never Delete Findings
Synapse's two-model AI triage flags false positives in security scans without deleting findings, preserving gate reliability and audit trails.
Security gates that block CI merges tend to get disabled once teams get tired of red builds caused by false positives. Synapse's new AI triage layer addresses this without handing an LLM the power to delete findings outright — the model can only propose that a finding is refuted, never confirm it alone.
The design has three safeguards: the model returns a strictly typed verdict (verdict/driver/confidence) validated server-side, a second, different model acts as an adversarial verifier that must independently agree at a 75+ confidence threshold, and refuted findings are never removed — they stay in the report and compliance table, just excluded from the gate's exit code. A deterministic scope classifier filters obvious noise before any model call, keeping token costs down.
In a live demo, the AI correctly flagged a false-positive SQL query built from a constant string while still marking a real SQL injection and a hardcoded AWS key as valid, keeping the gate red. For engineers building trust into security automation, the pattern is notable: let AI suggest, but never let it have the final say.