Checkmarx Unveils AppSec Platform for the Age of Agentic Development

The rise of generative AI tools has turned software development into a near‑instantaneous process, allowing engineers to produce thousands of lines of code in minutes. While this acceleration fuels innovation, it also expands the attack surface: AI‑generated snippets often bypass traditional code reviews, and hidden model or dataset dependencies can introduce supply‑chain vulnerabilities. Security teams therefore face a paradox—maintaining rigorous protection without slowing the very velocity that AI promises. Existing AppSec solutions, built for human‑written code, struggle to keep pace with the scale and complexity of machine‑crafted applications.

Checkmarx One tackles these pressures by embedding autonomous security agents directly into the development workflow. Its Triage Assist AI evaluates vulnerabilities in source control against real‑world exploitability, while Remediation Assist auto‑generates merge‑ready fixes, dramatically cutting manual effort. A dedicated AI Supply Chain Security layer discovers hidden models, prompts, and datasets, applying policy controls before they reach production. The platform’s hybrid LLM‑powered SAST expands detection to emerging, AI‑generated languages, and the new DAST for AI provides runtime testing tailored to AI‑accelerated applications. By operating inside IDEs and CI/CD pipelines, the solution promises continuous, agentic governance rather than post‑hoc reviews.

If adopted widely, Checkmarx One could set a new baseline for application security in an AI‑first development era. Enterprises that integrate its agentic controls may achieve faster release cycles without compromising compliance, a competitive edge in sectors where speed and data protection are paramount. Competitors are likely to accelerate their own AI‑enhanced offerings, intensifying the race for comprehensive, automated AppSec platforms. Ultimately, the shift toward AI‑native security governance signals a broader industry move: safeguarding the software supply chain will increasingly depend on intelligent, real‑time agents rather than periodic audits.