What is ACSM — and why every AI-assisted team needs one.

Why a new discipline?

Static analysis (SAST) scans code after it's written. Software composition analysis (SCA) scans dependencies after they're added. PR review catches what humans notice after the diff lands. All of it is reactive — fine when humans typed every line at a rate of a few hundred per day. Not fine when an AI agent ships 200 lines on a single prompt.

ACSM — Agentic Coding Security Management — is the discipline that moves security controls upstream of the AI. Instead of finding the bug after the agent writes it, ACSM gives the agent the constraints up front, so the bug never makes it to the diff.

The four ACSM pillars

Across the platforms staking a claim in this category, the consistent shape is four-pillar:

1. A model of what your repo is and what it's exposed to.
2. Guardrails that translate that model into specific, code-level rules.
3. Enforcement at the IDE — the rules ride the AI's prompt context before code is generated.
4. Verification at the PR — diff-aware, rule-tied, low-noise.

Get any one of the four wrong and you collapse back into SAST: late, noisy, reactive.

Threat-informed ACSM

VibeReview is built around a specific take on pillar one: the model has to be a threat model, not just a profile of the stack.

A code profile says "this is a FastAPI app with PostgreSQL and JWT auth." Useful, but it doesn't tell you what to defend against. A threat model says "this endpoint takes untrusted user input, lands in SQL via SQLAlchemy, the JWT is verified by an unaudited middleware, and an AI agent typically writes the query inline." Now you know exactly which guardrail belongs in front of the next prompt.

VibeReview reads your repo and builds the threat model first — entry points, trust boundaries, sensitive data flows, the moves an AI agent is most likely to mis-handle. The code profile is derived from that threat model. Guardrails are generated as direct responses to specific threats, mapped onto OWASP Top 10 (2025) and the Cisco AI Security Taxonomy. Every rule traces back to a real threat your repo has.

Where ACSM sits in your existing stack

ACSM doesn't replace SAST or SCA — it makes them quieter. SAST still runs as the periodic audit. SCA still flags CVEs in dependencies. PR review still catches architectural drift. What ACSM removes is the long tail of "the AI just wrote a SQL injection and we caught it in PR" — because the AI was given the guardrail before it wrote the line.

If your team is shipping AI-assisted code and you don't have an ACSM layer, you're paying for the bug twice: once in the triage queue, and once in the engineer time it costs to re-do the work. The threat-informed version of ACSM is the only version that closes that loop without adding friction to the developer.