SINGAPORE, June 16, 2025 — Azul, the Java-focused software firm, has introduced a major enhancement to its Intelligence Cloud platform aimed at transforming how enterprises detect and manage security vulnerabilities in Java applications.
The company’s newly announced class-level vulnerability detection capability brings what Azul claims is 100 to 1,000 times greater accuracy than conventional security tools, eliminating up to 99% of false positives. The breakthrough promises to relieve DevOps teams of the mounting burden of sifting through vast numbers of irrelevant security alerts, allowing them to focus on genuine security risks that require remediation.
The False Positive Dilemma in Java Security
The challenge of distinguishing real threats from irrelevant warnings has long hampered Java teams, particularly given the complexity of Java’s Common Vulnerabilities and Exposures (CVEs) framework. According to Azul’s 2025 State of Java Survey & Report, 33% of organisations report that more than half of their DevOps teams’ time is lost chasing false positives.
“Enterprises are drowning in Java security noise,” Azul said. Conventional AppSec tools often flag any presence of a vulnerable component in an application’s code, without assessing whether the vulnerable classes are actually executed during runtime. This results in large amounts of unnecessary triage and resource allocation to address issues that pose little to no actual risk.
Runtime Data Brings Surgical Precision
Azul’s new approach leverages runtime data to assess whether specific vulnerable classes are actively used in production, offering a far more precise assessment of actual risk.
Citing an example, the company pointed to CVE-2024-1597, a recent critical vulnerability in certain versions of the PostgreSQL JDBC driver. While traditional tools would flag any application containing the affected driver, Azul’s system is able to determine whether any of the 11 vulnerable classes within the 470-class component are actually invoked, thereby minimising unnecessary remediation efforts.
“The improved Vulnerability Detection features strengthen the proposition of Azul’s Intelligence Cloud analytics SaaS offering as a way to increase DevOps productivity and recover developer capacity by reducing the need for full-time employee time spent wasted on security false positives and inefficient triage,” said William Fellows, research director at 451 Research, part of S&P Global Market Intelligence.
AI-Driven Updates, No Performance Trade-Off
The Intelligence Cloud platform combines real-time and historical analysis with AI-powered updates that continuously track new Java CVEs from sources such as the National Vulnerabilities Database. The system supports Java applications running on Oracle JDK and any OpenJDK-based Java Virtual Machines (JVM), including those distributed by Amazon, Temurin, Microsoft, Red Hat, and others.
Importantly, Azul emphasised that its solution operates without affecting application performance, as it leverages runtime data already present within the JVM, eliminating the need for intrusive monitoring tools that can degrade system responsiveness.
Refocusing Security Efforts on Actual Risk
“Our mission is to help enterprises focus their security efforts on what matters — real risk, not noise,” said Scott Sellers, co-founder and CEO of Azul. “By eliminating up to 99% of false positives and pinpointing vulnerabilities with far greater accuracy, Azul Intelligence Cloud helps DevOps and security teams recover capacity, accelerate remediation, and maintain innovation velocity — all without compromising system performance.”
Azul’s innovation arrives as enterprises across Asia-Pacific continue to grapple with growing cybersecurity risks, while simultaneously seeking ways to optimise developer productivity amid heightened demand for faster, more resilient software delivery.