Gartner’s new “Essential Skills for Security in Software Engineering” research (November 2025) outlines a major shift in how organizations must approach application security, as software engineers take on more responsibility for securing what they build.
Notably, Gartner recognizes Application Detection and Response (ADR) as an emerging capability that engineering-led teams need to understand, and OX is included as a Sample Vendor in this developing category.
What is ADR?
The following reflects OX Security’s perspective and does not represent Gartner’s views.
The term Application Detection and Response (ADR) refers to a security capability focused on real-time monitoring, detection and response at the application layer, rather than just at the network, endpoint or infrastructure layers. Think of it as the second half of AppSec that everyone ignored for a decade. Traditional AppSec is built around finding problems in code and pipelines, but it never truly sees how these problems behave once the application is running. ADR detects suspicious behaviors, risky flows, and exploitation paths inside the live application, then connects them back to their root cause in code.
It is the AppSec equivalent of EDR but actually tied to software creation instead of endpoints.
ADR at OX: The Missing Link Between Code and Reality
At OX Security, ADR isn’t a bolt-on runtime tool. It’s the context engine that closes the blind spot every AppSec program suffers from, the gap between what developers build and what the application actually does in the real world.
Most tools detect problems. OX connects them.
Runtime intelligence with origin tracking
ADR watches how your application behaves at runtime (APIs, microservices, dependencies, permissions) and maps every suspicious action back to the exact code path, pipeline step, asset, or dependency that created it. No more “runtime alert with no origin.”
Prioritization based on evidence, not noise
By linking runtime behavior to PBOM, API exposure, misconfigs, reachability, and real impact, ADR highlights only the risks that matter for the business. At OX, we develop code projection, which simulates the runtime behavior from code and shows whether a vulnerability can be exploited, even before release.
A feedback loop that makes AI-era development safer
ADR feeds live behavioral data into the AI Data Lake and VibeSec, giving developers real fix guidance grounded in what actually happened, not theoretical vulnerability reports.
The glue between shift left and shift right
This is why ADR in OX isn’t a separate product. It’s the runtime nervous system that unifies code, pipelines, AI-generated logic, and production behavior into one coherent AppSec posture.
With ADR, OX turns faster development into safer development – not more risk.
How ADR connects to AI
Here’s where it gets interesting.
AI accelerates development. That’s great, but it also accelerates mistakes, anti-patterns, and exploitable code paths. Attackers are also using AI to probe logic flows, abuse APIs, and chain weird behaviors humans would never think of.
ADR is the bridge between “AI is creating new forms of code” and “AI is creating new forms of attack.”
If AppSec doesn’t have ADR tied to the creation workflow, it becomes blind to AI-driven development and AI-driven exploitation. OX turns ADR into a closed-loop AI system:
Create, observe, learn, secure.
In short, AI accelerates code creation and attacker creativity, and ADR provides the real-time visibility, evidence, and behavioral context that AI needs to secure that new reality. Together, they form a feedback loop where AI helps detect and reason, and ADR provides the truth from runtime that keeps the AI grounded and effective.
***
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


