Checkmarx has announced an updated version of its application security platform, Checkmarx One, designed to address the rise of so-called agentic development.
According to the company, the announcement marks a shift from the traditional software development cycle to a new, AI-driven development cycle with multiple checkpoints, as reported by SD Times. In this approach, security is no longer performed as a separate step but is continuously applied throughout the entire process.
According to Checkmarx, traditional AppSec no longer keeps pace with the speed and scale of software development today. Whereas development cycles used to take months, AI can now generate large amounts of code in a short time. This creates a situation in which security is often applied only when the code is already further along in the chain—for example, in CI/CD processes—by which time the risk has increased.
The company argues that security should instead occur during coding in the development environment. If AI-generated code is added to or merged with existing legacy systems without verification, vulnerabilities can quickly spread throughout the rest of the development chain. The result is a continuous process in which code is passed further and further along while risks accumulate if there is no direct oversight.
The updated Checkmarx One platform is designed to manage this dynamic. It combines AI-driven security with an architecture that uses autonomous agents to monitor code, dependencies, AI components, and runtime environments. The platform uses multiple checkpoints throughout the development cycle, ensuring risks are identified and addressed earlier.
Speed versus security
According to Checkmarx leadership, the rise of AI is putting pressure on the balance between development speed and security. Software can be developed faster and faster, but that also means vulnerabilities accumulate more quickly. The company argues that this gap can only be bridged by applying the same speed and scale to security.
The platform introduces several new features that use AI to support development teams. For example, the system can automatically determine which vulnerabilities are high-priority based on context and the actual likelihood of exploitation, rather than relying solely on static scores. Additionally, developers can receive automatically generated solutions for security issues even before code is merged.
Checkmarx also places a strong emphasis on the security of the AI chain itself. The platform maps components such as models, datasets, and prompts, and checks for risks associated with their use and execution. At the same time, it expands detection capabilities to new and AI-generated programming languages, for which traditional analysis tools often offer only limited support.
With this approach, Checkmarx aims to shift from reactive security to a governance-centered model. By continuously and automatically applying security throughout the entire development process, it should be possible to develop faster without increasing risk.
The new capabilities are available in the enterprise edition of Checkmarx One and will be rolled out in phases to other versions of the platform.