Let an AI clear out your false positives without letting it hide a real bug Synapse, a security gate tool, introduces AI-powered false-positive triage that never deletes findings. The system uses a two-model consensus: a proposer model suggests a false-positive verdict, and a separate verifier model must independently agree. Refuted findings are retained and marked but exempt from the gate's exit code, preventing AI from hiding real bugs. Last time I wrote about wiring up a security gate that blocks merges in CI with Synapse https://github.com/KKloudTarus/synapse-ce . Someone left a comment that hit the exact sore spot: "The gate is the easy part. Two weeks in, the team turns it off because it's red over false positives every single time." Yep. A gate that cries wolf too often dies on its own. People start hitting "merge anyway," and by the time a real vulnerability shows up, nobody's looking anymore. The obvious 2020s fix is to hand the whole pile to an LLM and say "delete the junk." Except: the moment a security tool lets an AI delete findings, you've just built a brand new vulnerability. The model guesses wrong once, a real SQL injection quietly drops off the report, and nobody's the wiser. So Synapse does it differently. The AI is allowed to propose that a finding is a false positive. It is never allowed to confirm that on its own, and it is never allowed to delete anything. This whole post is a real run. Terminal output at the bottom, nothing faked. Three rules, and all three exist so you can trust the output: 1. The model only proposes. It doesn't return prose, and it doesn't return a delete command. It returns exactly one typed verdict: verdict is one of refuted | sound | uncertain , driver is a closed snake case token not a sentence , and confidence is 0–100. That grammar is validated in Go. The model can hallucinate a whole paragraph of reasoning and none of it reaches the report. 2. A second, different model has to agree. When the first model proposes "refuted" with confidence ≥ 75, a separate verifier model gets called to assess the same finding independently. The refutation only stands if the verifier also says "refuted" at ≥ 75. And the verifier is prompted adversarially. Its job is to 3. Nothing gets deleted. A "refuted" finding is retain-and-mark: it stays in the report, it stays evidence-sealed, it still shows up in the compliance table. It's just exempt from the gate's exit code. The worst a wrong verdict can do is let one finding skip --fail-on . It can never make a finding disappear. One more thing, because it matters for the cost: this is the second layer. Before any model runs, a deterministic scope classifier already strips the obvious noise: test files, fixtures, that sort of thing. The model only gets the harder calls: is this sink actually attacker-controlled? Is that interpolated value a constant or user input? Model calls cost tokens, so they only run on production-scope, first-party source findings. It's opt-in. Four environment variables: export SYNAPSE FP TRIAGE ENABLED=true turn on AI false-positive triage export SYNAPSE LLM BASE URL=http://localhost:20128/v1 any OpenAI-compatible endpoint export SYNAPSE FP TRIAGE MODEL=