Security tools promise to help developers. In practice, many of them just relocate the burden. The vulnerability still needs to be understood, researched, and fixed, only now the developer is doing it across two or three tools instead of one, hours or days after they wrote the code in question. The real test of an […]
Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner
“AI-powered” has become the default label for every security tool on the market. But there’s a meaningful difference between a tool that uses AI to generate alerts after the fact and one that actively participates in development, preventing vulnerabilities as code is written. That difference is what separates reactive AI from agentic AI. And it […]
Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM
The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and LiteLLM being the latest victims of the sophisticated campaign. The threat group behind it, TeamPCP, is using the attacks to create persistence and […]
Checkmarx Adds Orchestration Framework to DevSecOps Platform
Checkmarx this week revamped its DevSecOps platform to include an orchestration framework for managing tasks assigned to artificial intelligence (AI) agents. The company has also added two AI agents trained to triage vulnerabilities and remediate them using code it generates for review, while at the same time adding an ability to discover […]
The AI Productivity Paradox: How Developer Throughput Can Stall
Software engineering leaders have invested heavily in generative AI coding assistants for over two years—and for good reason. For many teams, the productivity gains appear significant. I hear the same story in conversations with leadership at dozens of enterprises: thanks to AI, developers complete tasks faster, write more code, and spend less time on boilerplate […]
Checkmarx Extends Vulnerability Detection to AI Coding Tool from AWS
Checkmarx this week revealed it has added support for the Kiro artificial intelligence (AI) coding tool provided by Amazon Web Services (AWS) to Checkmarx Developer Assist, which leverages AI to surface vulnerabilities before code is committed. The Checkmarx IDE extension for Kiro is designed to be activated from within the Developer Assist tab that […]
60% of Code Is AI-Generated—Are We in Trouble?
Jonathan Rende, chief product officer at Checkmarx, tackles one of the most urgent questions in AppSec right now: what happens when AI starts writing the majority of your software? With estimates that as much as 60% of code is being generated by AI in some environments—and that AI-authored code is already finding its way into […]
DevSec Relationship Status: It’s Complicated (But Fixable)
Remember that plastic Fisher-Price Shape Sorter from when you were a kid, where you had to fit different-shaped colorful blocks into their matching slots? And that oddly satisfying moment when the green triangle block slid out of your fingers and landed perfectly into place? That tiny ASMR-inducing thrill of making all the parts of a […]
Checkmarx Report Details Havoc Caused by ‘Everything’ Package on NPM Registry
A Checkmarx report details an ‘Everything’ package distributed via the NPM registry that cripples any machine used to download it.
Checkmarx Surfaces Threat to GitHub Repositories
Checkmarx reported that malicious actors have been able to compromise GitHub’s Dependabot, the free automated dependency management tool for software projects.










