Checkmarx @Checkmarx

Today, we're introducing Checkmarx AI Inventory, bringing AI-BOM generation and governance to the software supply chain. 70% of teams expect AI components in production by the end of 2026. Yet 43% still lack formal governance over which AI components developers can use. As models, agents, MCP servers, skills, and other AI services become embedded across applications, organizations need visibility into what's running, control over what's allowed, and audit-ready documentation. Checkmarx AI Inventory delivers all three. Learn more: checkmarx.com/press-releases…

Excellence in software supply chain security has never mattered more. We're proud to announce that Checkmarx has been named a Leader in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security. As organizations increasingly rely on open-source software, third-party components, containers, and AI-powered development tools, software supply chain security has become a critical part of modern application security. We believe this recognition reflects our commitment to helping organizations secure their software and AI supply chains through a unified platform that delivers visibility, context, and actionable risk prioritization directly within developer workflows. Thank you to our customers, partners, and teams around the world who continue to push us forward every day. Dive deeper into the report here: checkmarx.com/checkmarx-name…

Everyone wants a definitive playbook for AI security, but the problem is that technology is evolving faster than the playbooks. @ek121268 recently shared his perspective with @ReversingLabs on why uncertainty remains one of the defining characteristics of AI security, and why the organizations that succeed won't be the ones chasing certainty, but the ones continuously testing assumptions and adapting as the landscape evolves: reversinglabs.com/blog/agentic-a…

We're excited to welcome our 2026 Summer Interns to Checkmarx: 👏 Bilal Tulek 👏 Swetha Shivapooja 👏 Yona Karp We can't wait to see what they'll accomplish this summer. Welcome to the team! 🚀

keyboard_arrow_left Previous keyboard_arrow_right Next

Everyone's building AI agents; far fewer are thinking about how they'll operate them. The demo is the easy part. Production is where things get complicated: → Context engineering → Evaluation → Governance → Access controls → Prompt injection defenses → Reliability at scale In this new guide, Harshil Parikh explores the engineering iceberg beneath every AI security agent, and why operating one is often much harder than building one. checkmarx.com/blog/building-…

What started as a single malicious npm package turned out to be a much larger operation. Our @CheckmarxZero researchers uncovered a supply chain campaign that combined typosquatting, advanced obfuscation, and a blockchain-based command-and-control infrastructure designed for resilience. The packages may be gone, but the infrastructure remains active. Dive into the research, IoCs, detection guidance, and remediation steps ⤵️

Checkmarx Zero @CheckmarxZero

a week ago

Another day, another npm malware campaign. Checkmarx Zero researcher Pavan Guidmalla and team discovered ChainViel: a pernicious campaign with an unblockable command and control (C2) system built on the public blockchain. All affected packages have been removed from npm, but

0 3 3 224 0

Government agencies are under pressure to deliver software faster than ever, without compromising security. That’s exactly why we're excited to partner with @Carahsoft to bring Checkmarx's prevention-first application security platform to the Public Sector, helping organizations embed security across the software lifecycle, reduce risk earlier, and accelerate the delivery of mission-critical applications. Read more about the partnership: checkmarx.com/press-releases…

AI is creating code faster than security teams can review it. The challenge isn't finding more vulnerabilities; it's finding the ones that matter. Today, Checkmarx One introduced a new hybrid SAST engine that delivers: 📈 Industry-leading scanning fidelity 📉 60% fewer false positives 🌐 Coverage for AI-generated code, emerging languages, and polyglot apps In testing across 7 production codebases, it achieved an F1 score more than 3x the average of the approaches we evaluated. More signal. Less noise. Learn more: checkmarx.com/press-releases…

Measuring security testing accuracy requires more than a benchmark or a single metric. It requires realistic applications, rigorous validation, and a process you can repeat over and over again as the technology evolves. @DarrenPMeyer and Antonio Pires from the @CheckmarxZero team share how our research team approaches that challenge and why good data is essential for separating genuine improvements from industry hype. checkmarx.com/zero-post/proo…

Checkmarx Zero @CheckmarxZero

2 weeks ago

AI doesn't replace established security testing tools, but it can augment them — if you're thoughtful about how you do so. We've been in the lab for months working on generating real data on various approaches that improve overall accuracy (not just reducing FPs, but reducing FNs

0 2 4 166 1

For years, AppSec has focused on protecting applications. Now there's a new question: How do you protect the agents building, reviewing, and remediating them? That's one of the conversations we'll be tackling at Agentic AppSec Unleashed 2026 on June 16th. Grab your spot for free: checkmarx.ai/?utm_source=x&…

For years, vulnerability management has been built around the idea that teams have time to find, prioritize, and fix issues. But what happens when that timeline keeps getting shorter? In this month's newsletter, we explore one of the biggest takeaways from our latest Future of Application Security report: → 75% of organizations knowingly ship vulnerable code → Only 9% fix 90% or more of vulnerabilities within 90 days → 81% experienced two or more breaches in the past year The challenge isn't finding vulnerabilities. It's closing the gap between identifying them and actually fixing them. Read more: linkedin.com/pulse/2350-res…

🚨AI is changing software development faster than security teams can adapt. The 2026 Future of Application Security Report is here, and our research found that: ⚠️ 95% of CISOs faced pressure to delay or suppress security issues ⚠️ 75% of organizations knowingly ship vulnerable code ⚠️ AI-generated code is widening the gap between dev speed and security readiness The problem isn't awareness. It's execution. As AI accelerates development, security teams need more than visibility. They need a way to prioritize what matters, govern AI responsibly, and remediate risk at the speed software is built. Download the full report here: checkmarx.com/foa-report/

AI-generated code was only the beginning. Now AI is showing up across the whole workflow: writing, reviewing, remediating, and occasionally creating a very impressive Spider-Man pointing situation. The opportunity is huge. So is the need for guardrails. Modern AppSec has to govern how software gets built, not just scan what shows up at the end.

Security teams aren’t just defending applications anymore. They’re defending AI-generated code, autonomous workflows, exploding attack surfaces, and release cycles moving at machine speed. That’s why Agentic AppSec Unleashed ‘26 is bringing together leaders across AppSec, AI, engineering, and security to talk about what happens next, and how teams avoid falling permanently behind. 🚀June 16 | Free Virtual Event Register today: checkmarx.ai/?utm_source=x&…

Live from the @Gartner Security & Risk Management Summit! Come stop by Booth #1030 to meet the Checkmarx team and talk all things AppSec, AI-generated code, risk prioritization, and remediation. And don't miss @ek121268's theater session later today: 🎤When Code Secures Itself: The Rise of Agentic AI in Application Security 📅Today at PM 📍Theater 3 See you out there.

Vulnerability management isn't just about finding issues. It's about getting the right issues to the right people with enough context to take action. That's one of the themes explored in this recent @ReversingLabs article featuring insights from security leaders across the industry. @ek121268 shared his perspective on the growing gap between findings and actionability, and what it takes to help teams focus on the issues that matter most. Read more 👇reversinglabs.com/blog/5-lessons…

Who is joining the Agentic AppSec Summit this year? We’re thrilled to welcome more industry leaders to unpack what happens when AI accelerates both software development and exploitation, and what security teams need to do about it. You’ll hear from experts like: → Michael Schrank, Former Group CISO, Adidas → Joseph Wilson, CSG → Laurent Donnay, Deutsche Telekom → Anand Singh, Symmetry Systems → Femi Oyesanya, PatientPoint 🚀Get ready for a packed day of exciting conversations, practical insights, and a glimpse at where AppSec is headed next on June 16 at 10:00 am EST. Register for free. checkmarx.ai/?utm_source=x&…

The May edition of The Monthly Check Up is here! AI is speeding up software development and shrinking the window between vulnerability disclosure and exploitation right along with it. This month we’re covering: → Why traditional remediation timelines are breaking down → Where AI-powered defense still falls short → What modern AppSec programs need to adapt Read it here: linkedin.com/pulse/exploita…