diff --git a/readme.md b/readme.md index fa54e33..ea967d9 100644 --- a/readme.md +++ b/readme.md @@ -254,6 +254,7 @@ Static Analysis Security Testing (SAST) tools scan software for vulnerabilities - [Hawkeye](https://github.com/hawkeyesec/scanner-cli) - _Hawkeyesec_ - Modularised CLI tool for project security, vulnerability and general risk highlighting. - [LGTM](https://lgtm.com/) - _Semmle_ - Scan and monitor code for security vulnerabilities using custom or built-in CodeQL queries. - [RIPS](https://www.ripstech.com/) - _RIPS Technologies_ - Automated static analysis for PHP, Java and Node.js projects. +- [Sebastion AI](https://foundationmachines.ai) - _Foundation Machines_ - GitHub App that runs a security-first AI code review on every pull request, with CWE-tagged inline findings (Semgrep + LLM) and OSV-backed dependency checks. Free for public repos. - [SemGrep](https://semgrep.dev/) - _r2c_ - Semgrep is a fast, open-source, static analysis tool that finds bugs and enforces code standards at editor, commit, and CI time. - [SonarLint](https://www.sonarlint.org/) - _SonarSource_ - An IDE plugin that highlights potential security security issues, code quality issues and bugs. - [SonarQube](https://www.sonarqube.org/) - _SonarSource_ - Scan code for security and quality issues with support for a wide variety of languages.
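Review bot: The new "Sebastion AI" entry in the SAST section mixes a tool description with pricing ("Free for public repos."), which none of the neighbouring entries (RIPS, SemGrep, SonarLint, SonarQube) include; drop the pricing clause so the entry follows the list's "- [Name](url) - _Vendor_ - one-sentence description." format. Two further points worth checking before merge: the name "Sebastion" reads like a misspelling of "Sebastian", so confirm it against the vendor's own spelling, and the link goes to the company landing page (foundationmachines.ai) rather than a page for the tool itself, whereas the other entries link directly to the product. Since the description says the review runs as a hosted GitHub App backed by an LLM, it would also help readers to say that pull-request contents are processed by an external service, as that distinguishes it from the locally run tools listed alongside it. Unrelated to this change but visible in the context lines: the SonarLint entry repeats "security security".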