Customer Success Story | Rapyd

Customer Story: How Rapyd Secured Its Applications with Kodem’s Adversarial Edge


About Rapyd

Rapyd is a company that lives on the bleeding edge of fintech, a space where speed, scale, and security intersect in a high-stakes game. But as their global payments platform grew, so did their attack surface. The complexity of managing a massive codebase—spanning both proprietary and open-source components—became a security nightmare. Traditional methods weren’t cutting it. Rapyd needed a way to think like their adversaries, to see their vulnerabilities as an attacker would, and to stop threats before they could strike. That’s when they turned to Kodem.

The Problem

As Rapyd’s engineering teams accelerated their development pace, the challenges of securing their sprawling application portfolio became more acute. Thousands of applications, each one a potential target. The conventional security tools they relied on were overwhelmed, drowning the security team in a flood of false positives. Worse, these tools lacked the crucial context needed to identify which vulnerabilities were actually exploitable. The result? A security operation bogged down by endless triage, leaving engineers frustrated and critical threats potentially unchecked.

Rapyd needed more than just vulnerability management—they needed to understand their systems the way an attacker would: to identify the weak points that could serve as entry points in an attack, and to empower their engineering teams to respond swiftly and effectively.

The Kodem Solution

Kodem offered Rapyd a fresh perspective—literally. By harnessing the power of runtime-powered SAST and SCA, Kodem provided Rapyd with a dynamic, real-time analysis of both their proprietary code and open-source components. But what set Kodem apart was its ability to provide an adversary’s view of Rapyd’s entire application ecosystem.

Kodem’s runtime-powered SAST didn’t just scan code—it watched how the code behaved in real-world conditions, identifying vulnerabilities that traditional tools missed and drastically reducing false positives. For open-source and third-party libraries, Kodem’s SCA tool offered a deep dive into potential risks, continuously monitoring and assessing their security posture.

But the real game-changer was Kodem’s attack chain analysis. This feature went beyond identifying vulnerabilities; it traced the potential paths an attacker could take to exploit them. Kodem pinpointed the flaws that could be used in the initial stages of an attack, allowing Rapyd to break the chain of an intrusion before it could escalate. By focusing on code and libraries that were not just vulnerable but also reachable, external-facing, and exploitable, Rapyd’s engineers could prioritize their efforts where it mattered most.

Perhaps most crucially, Kodem made this process self-service. Rapyd’s engineers didn’t have to wait for a centralized security team to act—they were equipped to identify and remediate threats themselves, in real-time. This decentralized approach turned security into a seamless part of the development process, rather than a roadblock.

The Results

The impact of Kodem’s approach was immediate and profound. Rapyd cut over 400 hours of triage time, freeing their security team to focus on strategic threats rather than chasing down false alarms. With more than 4,050 applications under continuous monitoring, Kodem’s tools became an integral part of Rapyd’s security infrastructure.

Nir Rothenberg, Rapyd’s CISO, put it bluntly: “Kodem didn’t just improve our security—it fundamentally changed our approach. By giving us the attacker’s perspective, we’re able to neutralize threats before they can gain a foothold. Our engineers now own the security of their code, and as a result, we’re delivering better, more secure applications faster than ever.”

Conclusion

In the volatile world of fintech, where every transaction is a potential target, Rapyd couldn’t afford to rely on outdated security models. Kodem offered them something new—a way to stay ahead of the attackers by thinking like one. With Kodem’s adversarial view and attack chain analysis, Rapyd didn’t just secure their applications; they transformed security from a reactive process into a proactive strategy. In this ongoing battle, Kodem is the edge that keeps Rapyd one step ahead.

4,050 applications monitored
1.06M false positives eliminated
400 triage hours saved

"Kodem's SAST offers one of the strongest solutions available, delivering real-world results with virtually no false positives."
Nir Rothenberg, CISO, Rapyd