Checkmarx Unveils AppSec Platform for Age of Agentic Development
Agent application security company Checkmarx today launched Checkmarx One, a platform built for years of agent development.
The platform embeds agent-based, AI-driven security across code, dependencies, AI assets and runtime, enabling businesses to gain security oversight and visibility right from the start.
“Traditional AppSec was not designed to deal with AI code,” where code is generated at machine speed, Eran Kinsbruner, vice president of marketing at Checkmarx, told SD Times. “When you talk about AI, you’re talking about unprecedented scale and speed. And the only way to stay ahead of that is to match the exact same capabilities, especially at speed and scale.”
Kinsbruner pointed out that if you simply trust the thousands of lines of code that AI can generate in minutes or less, you will be creating a structure without code quality, review and security. “Also, if you’re going through the AI scale and IDE speed phase, or you’re going to integrate AI code into existing legacy code, you’re moving into source control, management, the CI/CD pipeline, and [in terms of security]it’s late. The code is already moving to the next function. So it’s kind of an endless loop here that you need to control” to ensure safety.
Checkmarx sees this as moving from the software development lifecycle to the agent development lifecycle, Kinsbruner said. “The way we see the life cycle of agent development, it has several control points. If you can manage these control points with automatic review of AI code, AI quality assessment, but also AI security of the agent in the stage of writing code within the IDE, then after the pull request, if you missed anything in the coding and in the whole supply chain of AI up to production, you can effectively protect the code, you can prevent risks and be effectively protected. about and speed and security. Because right now, that’s the kind of barrier you have, the gap between the speed that AI gives you as a software engineer or an AI engineer and the security you have at the end of the road.
At the core of the reimagined Checkmarx One platform is a new architecture powered by enterprise security agents and native AI intelligence across the entire software and AI supply chain.
According to a company release, key new features within Checkmarx One include:
Triage Assist, an autonomous AI agent that prioritizes risks in source control based on real-world exploits and contextual risks, allowing teams to focus on what really matters rather than static pain points.
Remediation Assist, generates remediation ready for review to identify verified vulnerabilities before code integration, speeding up safe delivery and reducing manual remediation overhead.
AI Supply Chain Security, centralized governance and visibility of AI components embedded in modern applications. It discovers hidden AI assets, including models, agents, datasets, prompts, and AI-BOM features, detects vulnerabilities in model loading and execution, and enforces policy within existing workflows.
AI SAST, an integrated LLM-powered and query-based analysis engine that extends detection across emerging, unsupported, and AI-generated programming languages, extends security beyond traditional rules-based scanning.
DAST for AI, a next-generation analysis engine that strengthens runtime security across the CI/CD and production environment, supporting flexible testing strategies for AI-accelerated applications.
Together, the company said in its announcement, these innovations are “shifting application security from active updates to agent-based governance, keeping pace with the speed and complexity of AI-driven software development.”
“AI has compressed the software development cycle from months to minutes,” said Jonathan Rende, chief product officer at Checkmarx, in a statement. “When applications are that fast, risk is compounded quickly. Our redesigned agent platform allows development organizations to innovate at machine speed while leveraging AI-generated applications to protect the business.”
