Agentic application security company Checkmarx today unveiled Checkmarx One, a platform built for the age of agentic development.
The platform embeds agentic, AI-driven security across code, dependencies, AI assets and runtime, which enables enterprises to have oversight and visibility into security right from the start.
“Traditional AppSec was never built to deal with AI coding,” where code is generated at machine speed, Eran Kinsbruner, vice president of marketing at Checkmarx, told SD Times. “When you talk about AI, you talk about unprecedented scale and speed. And the only way to stay on top of that is by matching the exact same capabilities, especially on the speed and scale.”
Kinsbruner pointed that if you simply trust the thousands of lines of code that AI can generate in minutes or less, you’ll be creating a build without any code quality, review and security. “And, if you’re passing in the AI scale and speed phase of the IDE, or you’re going to merge AI code into existing legacy code, then you’re moving towards the source control, management, the CI/CD pipeline, and [in terms of security], it’s already too late. The code is already moving to the next task. So it’s kind of an endless loop here that you need to govern” to ensure security.
Checkmarx views this as an evolution from the software development life cycle to the agentic development life cycle, Kinsbruner said. “The way we see the agentic development life cycle, you have several control points. If you’re able to govern these control points with automated AI code reviews, AI quality checks, but also agentic AI security in the coding phase within the IDE, then after the pull request, if you missed anything in the coding and throughout the entire AI supply chain up until production, you can vibe code successfully, securely, and you can actually bridge the risk gap that we are talking about between velocity and security. Because right now, this is kind of the barrier you have, a gap between the velocity that AI gives you as a software engineer or AI engineer and the security that you have at the end of the road.”
At the core of the reimagined Checkmarx One platform is a new architecture powered by agentic security agents and AI-native intelligence across the software and AI supply chain.
According to the company’s release, key innovations within Checkmarx One include:
Triage Assist, an autonomous AI agent that prioritizes vulnerabilities in source control based on real-world exploitability and contextual risk, enabling teams to focus on what truly matters rather than static severity scores.
Remediation Assist, generates review-ready fixes for validated vulnerabilities before code merges, accelerating secure delivery and reducing manual remediation overhead.
AI Supply Chain Security, a centralized governance and visibility layer for AI components embedded in modern applications. It discovers hidden AI assets, including models, agents, datasets, prompts, and AI-BOM elements, detects model-loading and execution risks, and enforces policy within existing development workflows.
AI SAST, a hybrid LLM-powered and query-based analysis engine that expands detection across emerging, unsupported, and AI-generated programming languages, extending security beyond traditional rules-based scanning.
DAST for AI, a next-generation dynamic analysis engine that strengthens runtime protection across CI/CD and production environments, supporting flexible testing strategies for AI-accelerated applications.
Together, the company said in its announcement, these innovations “shift application security from reactive review to agentic governance, aligned with the speed and complexity of AI-driven software development.”
“AI has compressed the software development lifecycle from months to minutes,” Jonathan Rende, chief product officer at Checkmarx, said in the announcement. “When applications move that fast, risk compounds just as quickly. Our redesigned agentic platform allows development organizations to innovate at machine speed while securing AI generated applications to protect the business.”