Applications that are deployed to production are subject to attacks that spot vulnerabilities that cannot be found looking at the source code like SAST does.
Some of them can be detected by DAST, but in this case you just have an output if the vulnerability is creating an "external" feedback (like a
500 error). If the problem is visible only "inside" the application, there is no easy way to know it happened.
Interactive Application Security Testing (IAST) aims to see how an app reacts to a security scan from inside the application. This is normally done using an agent that is deployed as part of the application, and that is strictly integrated with it.
Runtime Application Self-Protection Security (RASP) uses this approach to spot vulnerabilities looking at the internal calls that may report errors while an external probe is running, like DAST does.