HelpnetSecurity

Apiiro CLI turns AI coding assistants into full-stack security engineers


The Apiiro CLI brings the Apiiro platform to your terminal and to your AI coding assistants, giving them six native security capabilities: scanning, risk management, remediation, an AI security analyst (via Apiiro Guardian Agent), AI Threat Modeling, and prompt enrichment. It installs in seconds on macOS, Linux, and Windows via brew, direct download, or RPM.

Apiiro CLI ships with agent skills: structured capability definitions that AI coding assistants like Claude Code and Cursor can read and invoke autonomously. They install with one command, npx skills add apiiro/cli-releases, and, once installed, give your AI assistants a clear understanding of what Apiiro can do so they can invoke the right capability with the right software graph context.

No memorized commands. No context switching. No dashboard. Just tell your AI assistant what you need:

  • “Scan this repo for secrets before I push”
  • “What security risks does this repo have?”
  • “Threat model the feature I’m about to build”
  • “Fix the critical risks in this service”

– and security becomes part of the conversation.

The traditional security workflow (find → report → ticket → fix) takes days to weeks. When vulnerabilities get exploited in minutes, that cycle length is unacceptable.

But when security is built into the AI coding assistant, the loop becomes: enrich → prevent → verify. Security findings get surfaced within developer workflows, remediation time collapses, and vulnerable patterns are never generated in the first place. This prevention occurs at every commit, across every repo, without adding headcount.

Six skills. Zero interruptions.

Here are the six security skills that ship with Apiiro CLI:

1. Scan: Catch secrets and vulnerable dependencies

Trigger: When the user mentions scanning code, secrets detection, or OSS vulnerabilities.

Fast local scanning for leaked secrets and open-source vulnerabilities, with results in seconds. After your AI assistant generates code, it can run a scan on changed files, report any findings, and apply fixes, all before a single line reaches a commit. For CI/CD pipelines, diff-scan compares git references and blocks on critical findings, creating an auditable security gate whether the code was written by a human or an agent.

Outcome: Secrets and known CVEs caught at the moment of generation, not weeks later in a ticket queue.

2. Risks: Your security risk inventory, in context

Trigger: When the user asks about security risks, vulnerabilities, or findings.

Your AI assistant queries Apiiro’s full risk inventory, filtered by severity, category, or finding type, and explains each finding in the context of your codebase. No dashboard. No spreadsheet. No context switch. Risk data reaches developers through the tool they already use, reducing mean time to remediate (MTTR) by transforming vulnerability investigation into part of the coding conversation.

Outcome: Developers engage with security findings inside their workflow, not in a backlog they never open.

3. Fix: From finding to remediation in one flow

Trigger: When the user wants to fix, remediate, or resolve a security risk.

Apiiro’s risk intelligence connects to your AI assistant’s coding ability. It retrieves risk details, pulls remediation instructions tailored to the finding type, and applies the fix directly in your codebase. For secrets, it removes the exposure. For vulnerable dependencies, it upgrades to a patched version. For code-level findings, it rewrites the vulnerable pattern. When automated remediation isn’t available, it falls back to Apiiro Guardian Agent for guided advice, and applies the fix either way.

Outcome: Remediation collapses from days to minutes, without requiring a developer to leave their IDE.

4. Guardian Agent: Your continuous AI AppSec engineer, operating 24/7 across the SDLC

Trigger: When the user wants AI-powered security analysis or asks questions about codebase security.

Guardian is Apiiro’s AI security agent. It knows your codebase, your dependencies, and your risk history. Its answers are specific to your repository, not generic advice. Ask it anything: “Is my auth implementation secure?” “What’s the attack surface of this service?” “How should I handle file uploads safely?”

For security leaders, Guardian’s org-wide mode answers natural-language posture questions across all repositories: “What are our top critical risks this week?”

No dashboards. No query languages. No waiting for a weekly report.

Outcome: Every developer has an AppSec engineer on demand. Every security leader has instant, org-wide visibility.

5. AI Threat Modeling: Proactive security before a single line is written

Trigger: When the user wants threat analysis or STRIDE review of a design or feature spec.

Give the CLI a feature description, spec, or architectural change, and it returns a STRIDE-based threat analysis before code generation begins. This is prevention at its earliest possible point.

The real power is chaining the threat-model with Apiiro Secure Prompt: describe a feature, receive a structured threat analysis, then feed those threats into Secure Prompt to generate security-hardened implementation requirements for each countermeasure.

Outcome: Threat modeling shifts from a quarterly exercise to a per-feature habit, with zero additional overhead on the developer. The workflow becomes: describe → threat-model → secure-prompt → build.

6. Secure-Prompt: Write secure code from the first instruction

Trigger: When the user wants to add security requirements to a coding task.

Give the CLI a development task, and it returns that same task enriched with security requirements specific to your repo’s stack, dependencies, and known risk profile. The business intent is preserved, but security guardrails are added around it, before the AI agent writes a single line.

Outcome: Vulnerable patterns are never generated in the first place. The cost to fix drops to zero.

Practical outcomes

For developers and AppSec practitioners, Apiiro CLI turns secure development into a trusted conversation with your AI coding agents. Once your assistants have access to Apiiro security capabilities, development scenarios can be secured in seconds with a simple secure prompt.

AI is rewriting how software is built. Security platforms that weren’t designed for AI agents will become irrelevant because AI agents can’t interact with them.

The Apiiro CLI is proof that being AI-native means more than using AI inside your platform. It means building a platform that AI can use. One where the AI agent that writes the code can also scan it, risk-assess it, threat-model it, and fix it, before it ever reaches production.

Security should be easily accessible to the developer and visible to the leader. The CLI is how we make that real.


