How Kaltura Accelerated Engineering Velocity and Slashed Security Noise by 80%

Kaltura, a global leader in video streaming technology, successfully optimized its security operations by moving away from fragmented, noisy scanners to an integrated security engineering strategy. By leveraging the OX platform, Kaltura eliminated 80% of irrelevant security noise and increased critical issue resolution by 40%. This shift allowed their engineering teams to maintain high-velocity innovation and meet aggressive delivery timelines without being weighed down by false positives or manual triage. Shai Sivan describes the impact of this transformation on their operations: “OX allows you to do fast onboarding, fast remediation. You can see the result very, very quickly”.

Before partnering with OX, Kaltura’s security efforts were hindered by disconnected tools that generated an overwhelming volume of low-context alerts . The security team found themselves spending excessive hours on manual verification, sifting through thousands of findings to identify a handful of real risks.

As engineering teams embraced AI-driven development (VibeCoding) to speed up feature delivery, the friction caused by legacy scanners became a significant operational tax. This noise not only delayed releases but also created a “trust gap” between security and development, as teams struggled to distinguish between theoretical vulnerabilities and actual runtime threats. Kaltura needed a way to move beyond finding bugs to a system that could accurately prioritize risk and keep pace with their rapid growth. Sagiv Peer explains the core challenge faced by the team: “I think that the biggest security challenge was visibility”.

To streamline their workflow, Kaltura adopted a centralized security fabric to consolidate data and transition to a proactive security model . The strategy focused on moving away from reactive “find and fix” cycles to a secure-by-design approach.

By implementing the OX platform, Kaltura integrated security guardrails directly into the development lifecycle, ensuring that protection was built-in from the start. They moved beyond narrow tool categories to establish a unified control plane that mapped vulnerabilities across the entire software delivery pipeline. This holistic approach allowed Kaltura to apply consistent security rules and organizational context to every repository, ensuring that only validated, high-priority risks were surfaced to the developers.

The turning point for Kaltura was gaining environment-aware intelligence that automatically filtered out non-exploitable noise . Instead of forcing developers to chase “ghost” vulnerabilities, the platform prioritized risks based on their actual exploitability and business impact.

Sagiv Peer notes the clarity this brought to the team: “What we got in the first five minutes is an end-to-end clear supply chain. I knew exactly where everything was, exactly what my security issues were”.

This transformation enabled vibe security, the ability to identify production exposures and resolve them at the source before they could be exploited. This changed the internal perception of security; it was no longer a bottleneck but an enabler of speed. By providing developers with accurate, actionable data at the point of origin, the security team fostered a collaborative environment where engineering and security operated as a single, high-velocity unit.

The shift from noisy, fragmented scanning to a unified, AI-native platform delivered dramatic improvements in efficiency for Kaltura:

• 80% Reduction in False Positives: Deep context eliminated the operational noise that previously paralyzed remediation efforts and frustrated developers.
• 40% Faster Resolution of Critical Issues: Engineering teams were empowered to fix high-impact risks immediately, significantly reducing the organization’s overall security debt.
• Integrated Supply Chain Integrity: The platform provided a verifiable PBOM, ensuring security and visibility across every step of the software delivery process.
• Strengthened Developer Trust: By providing only reachable and relevant alerts, the security team removed friction and allowed engineers to stay focused on shipping innovation.

• Accuracy is the Key to Velocity: In an era of AI-driven coding, a high false-positive rate is a business risk that stops innovation; you need intelligence that understands the running application.
• Consolidation Solves Fragmented Visibility: A unified platform is the only way to effectively prioritize vulnerabilities across modern, complex global environments.
• Remediation Must Be Proactive: To protect at the speed of business, organizations must move to a code-to-runtime model, using environment-aware context to solve risks at the source before they reach production.