Checkmarx unveils AppSec platform for the Age of Agentic Development


Agentic application security company Checkmarx today unveiled Checkmarx One, a platform built for the age of agentic development.

The platform embeds agentic, AI-driven security across code, dependencies, AI assets and runtime, which allows enterprises to have oversight and visibility into security right from the start.

“Traditional AppSec was never built to deal with AI coding,” where code is generated at machine velocity, Eran Kinsbruner, vice president of marketing at Checkmarx, told SD Times. “When you talk about AI, you talk about unprecedented scale and velocity. And the only way to stay on top of that is by matching the exact same capabilities, especially on the velocity and scale.”

Kinsbruner pointed out that if you simply trust the thousands of lines of code that AI can generate in minutes or less, you’ll be creating a build without any code quality, review and security. “And, if you’re passing in the AI scale and velocity phase of the IDE, or you’re going to merge AI code into existing legacy code, then you’re moving towards the source control, management, the CI/CD pipeline, and [in terms of security], it’s already too late. The code is already moving to the next task. So it’s kind of an infinite loop here that you can govern” to ensure security.

Checkmarx views this as an evolution from the software development life cycle to the agentic development life cycle, Kinsbruner said. “The way we see the agentic development life cycle, you have multiple control points. If you’re able to govern these control points with automated AI code reviews, AI quality checks, but also agentic AI security in the coding phase within the IDE, then after the pull request, if you missed anything in the coding and throughout the entire AI supply chain up until production, you can vibe code successfully, securely, and you can actually bridge the risk gap that we’re talking about between velocity and security. Because right now, this is kind of the barrier you have, a gap between the velocity that AI gives you as a software engineer or AI engineer and the security that you have at the end of the road.”

At the core of the reimagined Checkmarx One platform is a new architecture powered by agentic security agents and AI-native intelligence across the software and AI supply chain.

According to the company’s release, key innovations within Checkmarx One include:
 Triage Help, an autonomous AI agent that prioritizes vulnerabilities in source control based on real-world exploitability and contextual risk, enabling teams to focus on what really matters rather than static severity scores.
 Remediation Help, which generates review-ready fixes for validated vulnerabilities before code merges, accelerating secure delivery and reducing manual remediation overhead.
 AI Supply Chain Security, a centralized governance and visibility layer for AI components embedded in modern applications. It discovers hidden AI assets, including models, agents, datasets, prompts, and AI-BOM components, detects model-loading and execution risks, and enforces policy within existing development workflows.
 AI SAST, a hybrid LLM-powered and query-based analysis engine that expands detection across emerging, unsupported, and AI-generated programming languages, extending security beyond traditional rules-based scanning.
 DAST for AI, a next-generation dynamic analysis engine that strengthens runtime security across CI/CD and production environments, supporting flexible testing strategies for AI-accelerated applications.

Together, the company said in its announcement, these innovations “shift application security from reactive review to agentic governance, aligned with the velocity and complexity of AI-driven software development.”

“AI has compressed the software development lifecycle from months to minutes,” Jonathan Rende, chief product officer at Checkmarx, said in the announcement. “When applications move that fast, risk compounds just as quickly. Our redesigned agentic platform allows development organizations to innovate at machine velocity while securing AI generated applications to protect the business.”
