<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	 xmlns:media="http://search.yahoo.com/mrss/" >

<channel>
	<title>Checkmarx</title>
	<atom:link href="https://checkmarx.com/feed/" rel="self" type="application/rss+xml" />
	<link>https://checkmarx.com/</link>
	<description>The world runs on code. We secure it.</description>
	<lastBuildDate>Wed, 01 Jul 2026 21:23:29 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://checkmarx.com/wp-content/uploads/2026/06/favicon_spring-150x150.webp</url>
	<title>Checkmarx</title>
	<link>https://checkmarx.com/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>You&#8217;re Securing Your Code. But Are You Securing the AI Inside It? </title>
		<link>https://checkmarx.com/blog/youre-securing-your-code-but-are-you-securing-the-ai-inside-it/</link>
		
		<dc:creator><![CDATA[Emma Datny]]></dc:creator>
		<pubDate>Wed, 24 Jun 2026 09:02:30 +0000</pubDate>
				<category><![CDATA[AI & LLM Tools in Application Security]]></category>
		<category><![CDATA[Blog]]></category>
		<category><![CDATA[Supply Chain Security]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<category><![CDATA[AI-Generated Code]]></category>
		<category><![CDATA[Open-Source Supply Chain]]></category>
		<category><![CDATA[shadow ai]]></category>
		<category><![CDATA[Software Supply Chain Security]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=113527</guid>

					<description><![CDATA[Modern applications&#160;don&#8217;t&#160;just run on code anymore. They run on models, agents, embeddings, datasets, and&#160;autonomous tools like MCP servers. Developers are pulling pre-trained LLMs from Hugging Face, integrating open-source agent frameworks, and wiring up AI pipelines faster than security teams can track them.&#160;Unlike&#160;rogue&#160;npm&#160;packages, these components&#160;don’t&#160;show up cleanly in your existing dependency graph.&#160; For AppSec teams, this [&#8230;]]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">Modern applications&nbsp;don&#8217;t&nbsp;just run on code anymore. They run on models, agents, embeddings, datasets, and&nbsp;autonomous tools like MCP servers. Developers are pulling pre-trained LLMs from Hugging Face, integrating open-source agent frameworks, and wiring up AI pipelines faster than security teams can track them.&nbsp;Unlike&nbsp;rogue&nbsp;npm&nbsp;packages, these components&nbsp;don’t&nbsp;show up cleanly in your existing dependency graph.&nbsp;</p>



<p class="wp-block-paragraph">For AppSec teams, this creates two core problems: volume and visibility.</p>



<ul class="wp-block-list">
<li>
<strong>Volume</strong>. AI&nbsp;is&nbsp;speeding up&nbsp;development output,&nbsp;but&nbsp;AI-generated&nbsp;code&nbsp;produces&nbsp;<a href="https://coderabbit.ai/blog/state-of-ai-vs-human-code-generation-report" target="_blank" rel="noreferrer noopener"><strong>1.7x more vulnerabilities</strong></a><strong>&nbsp;than human-written code</strong>. More code means more findings per scan, growing backlogs, and a security team&nbsp;forced&nbsp;to&nbsp;choose between rigor and velocity.&nbsp;&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Visibility</strong>. The AI components&nbsp;<em>powering</em>&nbsp;development&nbsp;–&nbsp;models, datasets, MCP servers, agent frameworks, and prompt libraries&nbsp;–&nbsp;are entering codebases without formal review&nbsp;or&nbsp;governance.&nbsp;Most organizations&nbsp;don’t&nbsp;know which AI assets&nbsp;they’re&nbsp;running, where&nbsp;they’re&nbsp;embedded, or what risk they carry. That gap has consequences:&nbsp;over&nbsp;<a href="https://deepstrike.io/blog/supply-chain-attack-statistics-2025" target="_blank" rel="noreferrer noopener"><strong>75% of organizations</strong></a><strong>&nbsp;have experienced a software supply chain attack in the last year,&nbsp;</strong>because every new&nbsp;AI&nbsp;component&nbsp;introduces&nbsp;a&nbsp;potential attack path.&nbsp;&nbsp;</li>
</ul>



<p class="wp-block-paragraph">As development speeds up,&nbsp;these unmanaged AI components accumulate faster than security teams can evaluate them, pushing AppSec&nbsp;programs&nbsp;beyond the limits they were designed for.&nbsp;&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="the-shadow-ai-problem-in-your-software-supply-chain">
<strong>The Shadow AI Problem in Your Software Supply Chain</strong>&nbsp;</h2>



<p class="wp-block-paragraph">This gap&nbsp;exists&nbsp;because&nbsp;traditional AppSec&nbsp;was built for a world where the building blocks of software were code, libraries, and configurations. That world still exists,&nbsp;but&nbsp;now&nbsp;it&nbsp;runs alongside a parallel supply chain of AI components that most tools&nbsp;can’t&nbsp;see.&nbsp;</p>



<p class="wp-block-paragraph">Today, a&nbsp;typical AI-enabled application might include&nbsp;a&nbsp;fine-tuned LLM pulled from a public model hub,&nbsp;an agent framework that invokes external tools autonomously, an MCP server connecting the app to live data sources,&nbsp;embeddings generated from sensitive internal documents,&nbsp;and system prompts hardcoded in config files.&nbsp;</p>



<p class="wp-block-paragraph">None of these appear in a standard SBOM&nbsp;and only&nbsp;a&nbsp;few&nbsp;get flagged in a standard code scan.&nbsp;Each&nbsp;introduces&nbsp;distinct&nbsp;risks,&nbsp;from model poisoning and unverified weights to unsafe autonomous tool invocation and exposed datasets.&nbsp;</p>



<p class="wp-block-paragraph"><strong>Three forces are&nbsp;making&nbsp;this worse:</strong>&nbsp;</p>



<ul class="wp-block-list">
<li>
<strong>Visibility is breaking down.</strong>&nbsp;Most organizations&nbsp;can’t&nbsp;fully inventory which AI assets are in use, where&nbsp;they&nbsp;live, or what risk they introduce.&nbsp;It&nbsp;mirrors&nbsp;the&nbsp;early days&nbsp;of open-source governance, but with faster adoption and&nbsp;higher-stakes components.&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>The toolchain has expanded.</strong>&nbsp;Every model, dataset, MCP server, API, and open-source dependency creates a&nbsp;potential&nbsp;attack path.&nbsp;This growing web of dependencies increases both complexity and&nbsp;exposure.&nbsp;&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Shadow AI is the new shadow IT.</strong> Just as shadow IT created governance blind spots in the cloud era, developers and DevOps teams are adopting AI tools, models, and plugins without formal security review, often because no review process exists yet.</li>
</ul>



<p class="wp-block-paragraph">The attack surface&nbsp;isn’t&nbsp;theoretical.&nbsp;The EU&nbsp;AI Act, ISO 42001, and NIST AI RMF&nbsp;now treat&nbsp;<a href="https://info.checkmarx.com/managing-cyber-risks" target="_blank" rel="noreferrer noopener">AI&nbsp;component&nbsp;governance as a compliance requirement</a>. If your AppSec program&nbsp;can’t&nbsp;answer&nbsp;<em>what AI is in&nbsp;your software</em>,&nbsp;<em>where&nbsp;it&nbsp;is</em>, and&nbsp;<em>what&nbsp;it&nbsp;does</em>,&nbsp;you have a gap.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="why-existing-approaches-fall-short">
<strong>Why Existing Approaches Fall Short</strong>&nbsp;</h2>



<p class="wp-block-paragraph">Several vendors have taken a swing at AI security, but&nbsp;the results&nbsp;don’t&nbsp;quite land for AppSec teams.&nbsp;&nbsp;</p>



<ul class="wp-block-list">
<li>
<strong>Cloud-posture tools</strong> view AI through the lens of services and infrastructure exposure. These tools are useful, but they miss what’s embedded directly in code and configuration.</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Artifact-level&nbsp;scanners</strong>&nbsp;review&nbsp;model files for malicious payloads, but&nbsp;don’t&nbsp;provide&nbsp;visibility into how those models are wired into your applications in the first place.&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>SCA extensions</strong> identify open-source LLM dependencies in package manifests, but don’t understand agent frameworks, MCP servers, embedded prompts, or dataset references.</li>
</ul>



<p class="wp-block-paragraph">Most importantly,&nbsp;tools that rely on AI&nbsp;inference&nbsp;to detect AI&nbsp;introduce&nbsp;the&nbsp;exact&nbsp;kind of non-determinism that&nbsp;worries&nbsp;auditors. If your compliance report is&nbsp;exclusively&nbsp;based on probabilistic detection, it&nbsp;isn’t&nbsp;audit-ready.&nbsp;</p>



<p class="wp-block-paragraph">To close this gap, you need a fundamentally different approach to discovery.&nbsp;&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="deterministic-discovery-seeing-whats-actually-there">
<strong>Deterministic Discovery: Seeing What&#8217;s Actually There</strong>&nbsp;</h2>



<p class="wp-block-paragraph">Checkmarx&nbsp;AI Supply Chain Security takes a different approach: code-first, deterministic detection&nbsp;with high-fidelity scanning. Instead of inferring the presence of AI assets, it reads them directly from imports, manifests, file paths, and configuration&nbsp;–&nbsp;the same signals a developer would&nbsp;traditionally&nbsp;follow&nbsp;to understand what a codebase depends on.&nbsp;</p>



<p class="wp-block-paragraph">This means:&nbsp;</p>



<ul class="wp-block-list">
<li>
<strong>LLMs and model references</strong>&nbsp;are&nbsp;identified&nbsp;by their identifiers in code and config, not guessed from patterns&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Agent frameworks</strong>&nbsp;are detected from imports and initialization code&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>MCP servers</strong>&nbsp;are discovered from configuration and integration points&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Datasets and embeddings</strong>&nbsp;are traced from references in source and manifests&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>System prompts</strong>&nbsp;are surfaced from hardcoded strings and config files&nbsp;</li>
</ul>



<p class="wp-block-paragraph">The result is a complete, auditable AI asset inventory,&nbsp;not a probabilistic best guess. Every finding can be traced back to a specific line of code or configuration entry, which matters when&nbsp;you’re&nbsp;presenting results to a compliance auditor or explaining a finding to a developer.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="risk-assessment-built-for-ai-specific-threats">
<strong>Risk Assessment Built for AI-Specific Threats</strong>&nbsp;</h2>



<p class="wp-block-paragraph">Visibility&nbsp;helps&nbsp;close the gap, but it&nbsp;doesn’t&nbsp;solve the volume problem.&nbsp;More assets mean more potential risks, more findings, and more decisions – now extending across an entirely new&nbsp;class of components.&nbsp;&nbsp;</p>



<p class="wp-block-paragraph">Once you know what&nbsp;AI assets exist, you&nbsp;still&nbsp;need to understand what risks they&nbsp;introduce&nbsp;and how to&nbsp;address&nbsp;them&nbsp;at scale.&nbsp;</p>



<p class="wp-block-paragraph">Checkmarx&nbsp;AI Supply Chain Security&nbsp;assesses AI-specific supply chain risks that traditional AppSec tools&nbsp;weren’t&nbsp;built to find, including:&nbsp;</p>



<ul class="wp-block-list">
<li>
<strong>Model poisoning and unverified weights</strong>: Models pulled from public sources without integrity verification can carry malicious payloads or backdoors introduced during training. The LLM Security scanner identifies ML artifacts (PyTorch files, GGUF, H5, and others) and evaluates them for deserialization and execution risks.</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Unpinned&nbsp;model versions</strong>:&nbsp;Floating model references&nbsp;(the AI equivalent of * in a package manifest)&nbsp;let upstream updates silently change&nbsp;your application&#8217;s&nbsp;behavior. Version pinning is enforced as a policy requirement.&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Unsafe autonomous agents</strong>: Agents that invoke external tools without proper scope constraints create execution risks that are unique to AI systems. These are surfaced and assessed as part of the asset inventory.&nbsp;&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Exposed datasets and embeddings</strong>: Datasets used for fine-tuning or RAG pipelines can expose sensitive internal information if&nbsp;they&#8217;re&nbsp;not properly scoped. Dataset references are tracked as first-class assets with their own risk profiles.&nbsp;&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Dataset exposure and license violations</strong>: Open-source models and datasets carry licensing obligations that differ significantly from traditional software licenses. AI asset metadata includes license information, enabling policy enforcement before non-compliant components ship.&nbsp;</li>
</ul>






<h2 class="wp-block-heading article-anchor" id="the-same-workflows-extended-to-cover-ai">
<strong>The Same Workflows. Extended&nbsp;To Cover AI.</strong>&nbsp;</h2>



<p class="wp-block-paragraph">Adding a new security tool&nbsp;usually&nbsp;means adding friction: a new platform to learn, a new set of alerts to triage, a new reporting workflow to&nbsp;maintain&nbsp;in parallel with everything else.&nbsp;This is where AppSec integration matters.&nbsp;</p>



<p class="wp-block-paragraph">Checkmarx&nbsp;AI Supply&nbsp;Chain Security is built&nbsp;directly&nbsp;into&nbsp;Checkmarx&nbsp;One,&nbsp;the same platform where&nbsp;you’re&nbsp;already managing vulnerabilities, running SAST and SCA, enforcing policies, and generating compliance reports. There is no separate product&nbsp;or parallel workflow to manage.&nbsp;</p>



<p class="wp-block-paragraph">In practice, that means:&nbsp;</p>



<ul class="wp-block-list">
<li>
<strong>AI&nbsp;components&nbsp;appear&nbsp;alongside traditional findings</strong>&nbsp;in the same dashboards, with the same triage workflows.&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Policy enforcement happens in pull requests and CI/CD</strong>, the same way you gate on open-source vulnerabilities or SAST findings today. You can block unapproved models, flag unsafe agents, or require version pinning without writing custom automation.&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<a href="https://checkmarx.com/ai-bom/" target="_blank" rel="noreferrer noopener"><strong>AI-BOM generation</strong></a> means that AI assets appear in the same Bill of Materials as your OSS dependencies, with origins, licenses, dependencies, and risk metadata attached.</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>ASPM workflows</strong>, including risk orchestration, analytics, and dashboards, extend naturally to cover AI components without separate instrumentation.</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>API and CLI support</strong> lets AI scanning drop into existing pipeline automation without new integrations.</li>
</ul>



<p class="wp-block-paragraph">The goal is accountability without friction.&nbsp;You’re&nbsp;not replacing your AppSec workflow;&nbsp;you’re&nbsp;just&nbsp;extending it&nbsp;to cover a&nbsp;new&nbsp;class of components.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="heres-what-your-appsec-team-gets">
<strong>Here’s What Your&nbsp;AppSec Team&nbsp;Gets</strong>&nbsp;</h2>



<p class="wp-block-paragraph">The result is a practical extension of your existing AppSec program.&nbsp;</p>



<ul class="wp-block-list">
<li>
<strong>Complete AI asset inventory across the enterprise.</strong>&nbsp;Every LLM, agent framework, MCP server, dataset, embedding, and system prompt that exists in your codebase&nbsp;is&nbsp;surfaced&nbsp;deterministically from code and configuration, compiled into a searchable, auditable&nbsp;catalog.&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>AI-specific risk assessment.</strong> Model poisoning, unverified weights, unsafe agents, exposed datasets, and unpinned versions are detected with evidence-backed findings and actionable remediation guidance.</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Regulatory readiness.</strong>&nbsp;AI-BOMs&nbsp;are&nbsp;aligned&nbsp;with&nbsp;compliance posture tracking against EU AI Act, ISO 42001, NIST AI RMF, and OWASP LLM Top 10,&nbsp;and ready to export when an auditor asks.&nbsp;</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Policy enforcement in the developer workflow.</strong> Approved model lists, framework allowlists, and version pinning requirements are enforced in pull requests and CI/CD, not after the fact.</li>
</ul>



<ul class="wp-block-list">
<li>
<strong>No new platform overhead.</strong>&nbsp;Everything lives in&nbsp;Checkmarx&nbsp;One, using the same permissions, dashboards, and reporting your team already relies on.&nbsp;&nbsp;</li>
</ul>



<div class="cxcta">
  <div class="cxcta-card">

    <p class="cxcta-eyebrow"><span class="cxcta-dash" aria-hidden="true"></span>Upcoming Live Webinar | 9 July 10:00AM EDT</p>

    <h2 class="cxcta-title article-anchor" id="shadow-ai-in-the-sdlc-a-practitioner-panel-on-visibility-risk-and-the-road-to-governed-ai">
<span class="cxcta-grad">Shadow AI in the SDLC:</span> A Practitioner Panel on Visibility, Risk, and the Road to Governed AI</h2>

    <div class="cxcta-actions">

      <a class="cxcta-btn cxcta-btn--primary" href="https://checkmarx.com/shadow-ai-in-the-sdlc/">Register Now<span class="cxcta-arrow" aria-hidden="true">&rarr;</span></a>

    </div>

  </div>
</div>



<h2 class="wp-block-heading article-anchor" id="the-bottom-line-for-appsec">
<strong>The Bottom Line for AppSec</strong>&nbsp;</h2>



<p class="wp-block-paragraph">AI components&nbsp;have changed what your software is made of and&nbsp;are&nbsp;now&nbsp;part of the software supply chain.&nbsp;The question&nbsp;isn’t&nbsp;whether they&nbsp;exist, but&nbsp;whether&nbsp;your AppSec program can handle the visibility and volume that they introduce.&nbsp;&nbsp;&nbsp;</p>



<p class="wp-block-paragraph">Governing the AI supply chain isn’t optional anymore. Your AppSec program needs the visibility, tooling, and workflow integration to keep up. <a href="https://checkmarx.com/solutions/ai-supply-chain-security/" target="_blank" rel="noreferrer noopener">Checkmarx AI Supply Chain Security</a> is built for that: deterministic discovery, evidence-backed risk assessment, and end-to-end governance built directly into developer workflows. It integrates with your existing pipelines, giving you a unified risk picture across code, dependencies, models, and runtime environments without adding another silo to manage.</p>



<h2 class="wp-block-heading article-anchor" id="see-it-in-action">
<strong>See It in Action</strong>&nbsp;</h2>



<p class="wp-block-paragraph">If this gap sounds familiar, it&nbsp;likely&nbsp;already&nbsp;exists in your organization’s environment.&nbsp;The good news?&nbsp;&nbsp;It’s&nbsp;solvable&nbsp;without&nbsp;disrupting&nbsp;the AppSec program&nbsp;you’ve&nbsp;already built.&nbsp;</p>



<div class="cxcta">
  <style>
    .cxcta a.cxcta-btn--primary:hover .cxcta-arrow{ transform: translateX(3px); }

    /* ---------- Responsive ----------
       Desktop ≥ 901px: full padding, buttons side by side.
       Tablet 641–900px: fluid type steps down, buttons stay inline
       and wrap gracefully if the column is narrow.
       Mobile ≤ 640px: buttons stack full-width, tighter eyebrow.   */
    @media (max-width: 900px){
      .cxcta .cxcta-card{ border-radius: 20px; }
      .cxcta .cxcta-actions{ margin-top: 30px; }
    }
    @media (max-width: 640px){
      .cxcta{ margin: 2rem 0; }
      .cxcta .cxcta-card{ border-radius: 18px; }
      .cxcta p.cxcta-eyebrow{ font-size: .7rem !important; letter-spacing: .16em !important; margin-bottom: 14px !important; }
      .cxcta .cxcta-dash{ width: 16px; margin-right: 9px; }
      .cxcta .cxcta-actions{ flex-direction: column; align-items: stretch; gap: 12px; margin-top: 26px; }
      .cxcta a.cxcta-btn{ width: 100%; padding: 15px 18px; font-size: 1rem !important; }
    }
    @media (max-width: 380px){
      .cxcta h2.cxcta-title{ font-size: 1.55rem !important; }
    }
    @media (prefers-reduced-motion: reduce){
      .cxcta *{ transition: none !important; }
    }
  </style>

  <div class="cxcta-card">

    <p class="cxcta-eyebrow"><span class="cxcta-dash" aria-hidden="true"></span>See it in Action</p>

    <h2 class="cxcta-title article-anchor" id="checkmarx-ai-supply-chain-security">Checkmarx AI Supply Chain Security</h2>

    <div class="cxcta-actions">

      <!-- 🔗 LINK 1 of 1 -->
      <a class="cxcta-btn cxcta-btn--primary" href="https://checkmarx.com/request-a-demo/">Request a Demo</a>

    </div>

  </div>
</div>
<!-- ==================== END CHECKMARX CTA CARD ==================== -->]]></content:encoded>
					
		
		
		
		<media:content url="https://www.youtube.com/embed/44G0Wyj5Ip4" duration="119">
			<media:player url="https://www.youtube.com/embed/44G0Wyj5Ip4" />
			<media:title type="html">You&#039;re Securing Your Code. But Are You Securing the AI Inside It? </media:title>
			<media:description type="html">AI is reshaping software development and your attack surface. Learn how to govern and secure AI components across your software supply chain</media:description>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/44g0wyj5ip4.jpg" />
			<media:keywords>Agentic AI,AI-Generated Code,Open-Source Supply Chain,shadow ai,Software Supply Chain Security</media:keywords>
		</media:content>
	</item>
		<item>
		<title>Learnings From Checkmarx Agentic AppSec Unleashed ‘26</title>
		<link>https://checkmarx.com/blog/learnings-from-checkmarx-agentic-appsec-unleashed-26/</link>
		
		<dc:creator><![CDATA[Eran Kinsbruner]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 17:55:05 +0000</pubDate>
				<category><![CDATA[AI & LLM Tools in Application Security]]></category>
		<category><![CDATA[Application Security Trends & Insights]]></category>
		<category><![CDATA[Blog]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<category><![CDATA[Agentic AppSec]]></category>
		<category><![CDATA[AI Agents]]></category>
		<category><![CDATA[AppSec]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=113481</guid>

					<description><![CDATA[Deterministic Meets Frontier: The New Blueprint for AppSec ]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">Software is now being created faster than most organizations can secure it.</p>



<p class="wp-block-paragraph">AI coding assistants are helping developers move at unprecedented speed. But that same speed is creating a new security reality: more code, more vulnerabilities, faster exploitability, and a growing backlog that traditional AppSec processes were never designed to handle.</p>



<p class="wp-block-paragraph">That tension shaped the conversation at the second annual Agentic AppSec Unleashed Summit, held on June 16. Across six main sessions and four exclusive early-access discussions, CISOs, customers, and product leaders explored how security teams can adapt to the AI-driven software supply chain.</p>



<p class="wp-block-paragraph">One message came through clearly: <strong>Agentic development demands security that moves at the same pace.</strong></p>



<p class="wp-block-paragraph">The teams that succeed will not be the ones that slow down development. They will be the ones that learn how to secure software as fast as AI can create it.</p>



<h2 class="wp-block-heading article-anchor" id="the-future-of-appsec-deterministic-security-meets-frontier-ai">The Future of AppSec: Deterministic Security Meets Frontier AI</h2>



<p class="wp-block-paragraph"><strong>Checkmarx CEO Sandeep Johri </strong>opened the summit by framing the challenge facing security teams today. AI is helping enterprises write code two to three times faster, but that acceleration is also producing more vulnerable code than traditional AppSec programs can absorb.</p>



<p class="wp-block-paragraph">According to Johri, AI-generated code has a much higher concentration of vulnerabilities than human-written code, contributing to a threefold increase in the overall vulnerability backlog. Left unchecked, that backlog could slow the very innovation AI was meant to accelerate.</p>



<p class="wp-block-paragraph">At the same time, attackers are also using AI. Exploit creation is becoming faster, cheaper, and more scalable. In 2018, exploiting a zero-day vulnerability could take roughly two years. Today, that window has shrunk to just one or two days, and it continues to narrow.</p>



<p class="wp-block-paragraph">Given that speed, it may seem logical to fight AI with AI by relying on frontier models to find vulnerabilities faster. But Johri made clear that an “LLM-only” approach is not enough. Frontier models can uncover novel exploit paths, but they can also be inconsistent. Their results may change depending on the prompt, they can produce false positives, and they can still miss known critical vulnerabilities.</p>



<p class="wp-block-paragraph">That is where deterministic security remains essential. Unlike LLMs, deterministic tools apply consistent rules and proven detection logic, producing repeatable results that teams can trust and verify.</p>



<p class="wp-block-paragraph">The answer, Johri argued, is not AI or deterministic tooling – it&#8217;s both. Modern application security needs a hybrid platform that pairs deterministic ground truth with probabilistic AI reasoning, combining the consistency of traditional security with the speed and creativity of frontier models.</p>



<p class="wp-block-paragraph">Johri also made an important architectural point: the same model producing the code should not be trusted to secure it. Just as a system should not manage its own permissions or store its own master keys, the security control plane must remain independent of the AI it evaluates. He called it a “separation of church and state.”</p>



<p class="wp-block-paragraph">That separation is central to the platform Checkmarx is building: one that combines deterministic ground truth with AI-powered reasoning while keeping security validation independent, consistent, and verifiable. The result is already showing impact, including a 60–70% reduction in false positives.</p>



<figure class="wp-block-image size-full"><img fetchpriority="high" decoding="async" width="936" height="376" src="https://checkmarx.com/wp-content/uploads/2026/06/image-7.png" alt="" class="wp-image-113482" srcset="https://checkmarx.com/wp-content/uploads/2026/06/image-7.png 936w, https://checkmarx.com/wp-content/uploads/2026/06/image-7-300x121.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/image-7-768x309.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/image-7-400x161.png 400w" sizes="(max-width: 936px) 100vw, 936px" /></figure>



<h2 class="wp-block-heading article-anchor" id="beyond-the-false-choice-how-ai-and-appsec-win-together">Beyond the False Choice: How AI and AppSec Win Together</h2>



<p class="wp-block-paragraph">The second session brought Johri together with other security leaders who are already navigating this shift:</p>



<p class="wp-block-paragraph"><strong>Michael Schrank</strong>, former Group CISO, Adidas; CEO, Three Rivers Advisory</p>



<p class="wp-block-paragraph"><strong>Joseph Wilson</strong>, SVP &amp; CIO, CSG</p>



<p class="wp-block-paragraph"><strong>Laurent Donnay</strong>, SVP IT Sales and Platforms, Deutsche Telekom</p>



<p class="wp-block-paragraph">The central question in this session was simple: If AI can write code, find vulnerabilities, and generate exploits, what is left for AppSec to do?</p>



<p class="wp-block-paragraph">The answer was not that AppSec becomes less important. It becomes the layer of trust, governance, and execution that makes AI-driven development safe.</p>



<p class="wp-block-paragraph">AI can accelerate coding, scanning, and even exploitation, but organizations still need deterministic security to validate results, prioritize real risk, and ensure findings lead to remediation.</p>



<p class="wp-block-paragraph">That is where the operational challenge begins. Most teams are not struggling because they lack security signals; they are struggling because those signals are fragmented and overwhelming. To turn findings into remediation, they need a connected view of risk that brings together code, runtime, identity, and data context to show what is truly exploitable and what should be fixed first. Wilson captured the maturity challenge directly: “Discovery without mitigation is just inventory.”</p>



<p class="wp-block-paragraph">From there, the panel focused on what mature AppSec programs need to do differently:</p>



<ul class="wp-block-list">
<li>
<strong>Measure what matters</strong>. Maturity isn&#8217;t how many vulnerabilities you find. It&#8217;s MTTR (mean time to remediation), how fast you resolve them.</li>



<li>
<strong>Integrate, don&#8217;t interrupt</strong>. Remediation belongs inside the existing SDLC, with agents proposing fixes directly in the pull request.</li>



<li>
<strong>Let agents do the grunt work</strong>. Triage and remediation that could take hours for developers can be completed by an LLM in two to three minutes.</li>
</ul>



<h2 class="wp-block-heading article-anchor" id="the-vulnerabilities-were-always-there-now-what">The Vulnerabilities Were Always There: Now What?</h2>



<p class="wp-block-paragraph">In my session with <strong>Jonathan Rende, Chief Product Officer at Checkmarx</strong>, we put numbers behind the problem.</p>



<p class="wp-block-paragraph">AI is not just changing how quickly software is written; it is changing how quickly security debt accumulates.</p>



<p class="wp-block-paragraph">AI-generated code is introducing more defects per unit of code, with defect rates up 1.7x. When that increase is multiplied across the growing volume of AI-generated software, it compounds into roughly 5x more exploitable flaws. In other words, organizations are not just writing more code. They are also creating more risk for security teams to manage.</p>



<p class="wp-block-paragraph">At the same time, attackers are moving faster and more cheaply than ever. A working CVE exploit can now cost as little as $1 and only minutes of compute. That means the window between disclosure and exploitation is no longer long enough for slow, manual response processes.</p>



<p class="wp-block-paragraph">The result is a widening gap between what teams find and what they fix. Over the last year, vulnerability submissions increased while monthly fixes fell 46%. Discovery has scaled with AI, but remediation has not. Critical vulnerabilities are now piling up faster than most teams can resolve them.</p>



<p class="wp-block-paragraph">The solution isn&#8217;t to replace traditional tooling with AI, but to combine both deliberately.</p>



<p class="wp-block-paragraph">AI is fast and creative, which makes it useful for surfacing novel patterns that traditional scanners may miss. Deterministic security is consistent and repeatable, which makes it essential for catching known vulnerabilities, validating findings, and producing the evidence auditors require.</p>



<p class="wp-block-paragraph">Put simply, AI casts the wide net, while deterministic logic confirms what is real.</p>



<p class="wp-block-paragraph">That combination produces better signal. In Checkmarx labs, the hybrid engine reached an F1 score of 0.64, compared to roughly 0.20 for a pure frontier model like Claude Opus 4.7. That difference matters because it turns a noisy alert pile into findings teams can actually trust and act on.</p>



<p class="wp-block-paragraph">Our conclusion was clear: discovery is no longer the hardest part. The teams that lead will be the ones that improve remediation throughput – their ability to fix vulnerabilities quickly, accurately, and consistently across both new code and the existing backlog.</p>



<figure class="wp-block-image size-full"><img decoding="async" width="936" height="433" src="https://checkmarx.com/wp-content/uploads/2026/06/image-8.png" alt="" class="wp-image-113483" srcset="https://checkmarx.com/wp-content/uploads/2026/06/image-8.png 936w, https://checkmarx.com/wp-content/uploads/2026/06/image-8-300x139.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/image-8-768x355.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/image-8-400x185.png 400w" sizes="(max-width: 936px) 100vw, 936px" /></figure>



<h2 class="wp-block-heading article-anchor" id="getting-to-high-fidelity">Getting to High Fidelity</h2>



<p class="wp-block-paragraph"><strong>Checkmarx VP of Product Ori Bendet</strong> continued the case for a hybrid model by pointing to the limits of LLM-only security. In the BaxBench benchmark, even the best frontier models returned solutions that were incorrect or insecure more than 45% of the time. “If you go all-in on LLMs, you&#8217;re going to have missing results,&#8221; he said, &#8220;and those missing results create risk for your organization.”</p>



<p class="wp-block-paragraph">Cost is another important factor. Scanning millions of lines of code with premium models can become expensive quickly, especially at enterprise scale. Security teams need an approach that is not only accurate, but also scalable, repeatable, and cost-effective.</p>



<p class="wp-block-paragraph"><strong>Frank Emery, Senior Director of Product Management</strong>, then explained how Checkmarx’s next-generation SAST engine is built to deliver that balance. It combines three core capabilities: a deterministic, rules-based foundation for consistency and trusted ground truth; an AI-based, language-agnostic scanner that expands coverage to frameworks and languages traditional tools may not support; and a Findings Analysis Engine that reviews findings in context and removes false positives before they reach developers.</p>



<p class="wp-block-paragraph">Together, these capabilities feed the Checkmarx ASPM platform, which helps teams understand where risk lives. From there, AI-powered agents, including Developer Assist, Triage Assist, and Remediation Assist, can identify issues earlier, triage zero-day and backlog vulnerabilities faster, and support remediation before risks escalate.</p>



<p class="wp-block-paragraph">The result is less noise, broader language support, and stronger fidelity than traditional SAST. Just as importantly, this approach is grounded in two decades of Checkmarx research, detection logic, and AppSec expertise.</p>



<h2 class="wp-block-heading article-anchor" id="remediation-at-ai-speed-from-ai-vibe-coding-to-verified-governed-code">Remediation at AI Speed: From AI Vibe Coding to Verified, Governed Code</h2>



<p class="wp-block-paragraph">The next session shifted from strategy to practice in a discussion moderated by <strong>Checkmarx VP of Product Management Harshil Parikh</strong>. He was joined by two PatientPoint security practitioners: <strong>Femi Oyesanya</strong>, application security engineer, and <strong>Lily Leith</strong>, application security risk analyst. Together, they explored a practical question facing many AppSec teams today: remediation has always mattered, but how does AI’s speed change the way teams approach it?</p>



<p class="wp-block-paragraph">For Oyesanya, the opportunity is clear. “We have a better, more reliable, faster way of doing it,” he said. But he also cautioned that automation brings new complexity. Risk does not come only from application code; it can also come from SCA vulnerabilities, compromised libraries, and other parts of the software supply chain. That means controls need to extend across the infrastructure, not just the code.</p>



<p class="wp-block-paragraph">Leith described how PatientPoint has moved from a reactive model to a more anticipatory one. Instead of spending hours responding to the “attack of the day,” her team now uses automation to shorten response times. That includes monitoring new CVEs, checking whether GitHub packages are malicious, and using agents to determine what is actually exploitable.</p>



<p class="wp-block-paragraph">The key, both speakers emphasized, is trusted context. By pulling in intelligence from sources like Checkmarx, teams can decide whether a vulnerability should trigger a break-build policy or move through another remediation workflow.</p>



<p class="wp-block-paragraph">They also stressed that humans still need to stay in the loop. Developers remain the experts on their own codebases, so they need to review AI-generated fixes, catch hallucinations, and make sure suggested changes do not introduce new risk. For critical or externally facing systems, formal change management remains essential.</p>



<p class="wp-block-paragraph">That is where governance becomes critical. Security gates, policies, and review processes keep AI-accelerated development accountable. Parikh closed on a note of hard-won optimism: the industry has been “notorious about not fixing things,” but he believes agentic remediation can finally help drive down MTTR with a solution built for practitioners.</p>



<figure class="wp-block-image size-full"><img decoding="async" width="936" height="451" src="https://checkmarx.com/wp-content/uploads/2026/06/image-9.png" alt="" class="wp-image-113484" srcset="https://checkmarx.com/wp-content/uploads/2026/06/image-9.png 936w, https://checkmarx.com/wp-content/uploads/2026/06/image-9-300x145.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/image-9-768x370.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/image-9-400x193.png 400w" sizes="(max-width: 936px) 100vw, 936px" /></figure>



<h2 class="wp-block-heading article-anchor" id="bring-visibility-across-the-supply-chain">Bring Visibility Across the Supply Chain</h2>



<p class="wp-block-paragraph">The final session focused on one of the biggest governance challenges in the AI era: visibility across the AI software supply chain. <strong>Checkmarx Product Director for SSCS David Dewaele</strong> and <strong>AWS Principal Solution Architect for ISV Security Paul DeLaria</strong> discussed how organizations can identify, assess, and govern the AI components now entering modern applications.</p>



<p class="wp-block-paragraph">Most large organizations are familiar with shadow IT, where employees use tools that were never approved by the company. Security teams now face a newer and more complex version of the same problem: shadow AI.</p>



<p class="wp-block-paragraph">Developers moving quickly may adopt unsanctioned AI tools, models, agents, MCP servers, or other AI components, creating risk that security teams cannot manage if they cannot see it.</p>



<p class="wp-block-paragraph">DeLaria’s central point was simple and important: organizations cannot secure what they cannot see. Many leaders do not yet know which AI components are running inside their applications. Without that visibility, it becomes difficult to assess risk, enforce policy, or demonstrate compliance.</p>



<p class="wp-block-paragraph">Visibility begins with the Shared Responsibility Model. Cloud providers are responsible for securing the cloud infrastructure itself, while enterprises are responsible for what they build and run on top of it. In the AI era, that includes identity and access management for agents, the AI tool supply chain, and observability into what those agents are doing.</p>



<p class="wp-block-paragraph">Dewaele outlined a three-layer approach to AI supply chain governance.</p>



<ul class="wp-block-list">
<li>
<strong>Detection</strong>: Identify every AI asset, from LLMs to agents to MCP servers, across the whole SDLC.</li>



<li>
<strong>Risk assessment</strong>: Run purpose-built scanners that catch new threats like malicious artifact injection and dangerous model loaders, alongside traditional scans.</li>



<li>
<strong>Governance and compliance</strong>: Generate AI Bills of Materials (AI-BOMs) to evidence security against frameworks like the EU AI Act, NIST, and ISO.</li>
</ul>



<p class="wp-block-paragraph">The goal is not only to detect risk. It is to create the visibility, context, and evidence organizations need to govern AI-driven development responsibly.</p>



<h2 class="wp-block-heading article-anchor" id="thats-a-wrap">That&#8217;s a Wrap</h2>



<p class="wp-block-paragraph">The summit ended where it began: with the central idea that securing software at the speed of AI cannot be solved by one tool, one team, or one model. It requires a new AppSec discipline that is built layer by layer, from detection to remediation to governance.</p>



<p class="wp-block-paragraph">That discipline starts with deterministic ground truth. It adds AI-driven reasoning where AI can provide speed, scale, and broader coverage. It uses agents to accelerate triage and remediation, and it creates visibility across the full software supply chain, including the new AI components that are quickly becoming part of modern applications.</p>



<p class="wp-block-paragraph">AI has made it easier, cheaper, and faster for attackers to exploit software, but it has also created a new opportunity for defenders. With the right architecture, security teams can move faster without giving up trust. They can reduce noise without missing critical issues. They can govern AI-generated code without slowing innovation.</p>



<p class="wp-block-paragraph">That is the blueprint Checkmarx laid out at Agentic AppSec Unleashed ’26: deterministic security and frontier AI, working together so organizations <strong>can secure software as fast as AI can build it.</strong></p>



<p class="wp-block-paragraph"><a href="https://checkmarx.ai/on-demand-sessions/?__hstc=206289484.3289b36b7a3f390435f359ca407c0e41.1776181577790.1781716862935.1782140796982.84&amp;__hssc=206289484.11.1782140796982&amp;__hsfp=2d3796ce4f8e2359fec9023e3d638e0a">The full sessions and slides are available on demand.</a></p>]]></content:encoded>
					
		
		
		
		<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-7-150x150.png" />
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/image-7.png" medium="image">
			<media:title type="html">image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-7-150x150.png" />
		</media:content>
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/image-8.png" medium="image">
			<media:title type="html">image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-8-150x150.png" />
		</media:content>
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/image-9.png" medium="image">
			<media:title type="html">image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-9-150x150.png" />
		</media:content>
	</item>
		<item>
		<title>Checkmarx Named a Leader in Inaugural 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security</title>
		<link>https://checkmarx.com/blog/checkmarx-named-a-leader-in-inaugural-2026-gartner-magic-quadrant-for-software-supply-chain-security/</link>
		
		<dc:creator><![CDATA[Checkmarx Team]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 15:26:02 +0000</pubDate>
				<category><![CDATA[AI & LLM Tools in Application Security]]></category>
		<category><![CDATA[Application Security Trends & Insights]]></category>
		<category><![CDATA[Blog]]></category>
		<category><![CDATA[Supply Chain Security]]></category>
		<category><![CDATA[Leadership]]></category>
		<category><![CDATA[Security Leadership]]></category>
		<category><![CDATA[SSCS]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=113455</guid>

					<description><![CDATA[We&#8217;re proud to share that Checkmarx has been positioned as a Leader in the 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security. We believe this recognition validates our dev-first, unified approach to comprehensive supply chain protection and centralized governance. Gartner evaluated vendors across two critical dimensions: Completeness of Vision and Ability to Execute, and [&#8230;]]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">We&#8217;re proud to share that <a href="https://checkmarx.com/checkmarx-named-a-leader-in-the-2026-gartner-magic-quadrant-for-software-supply-chain-security/?utm_source=blog&amp;utm_medium=post&amp;utm_campaign=gartner_mq_sscs_2026">Checkmarx has been positioned as a Leader in the 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security</a>.</p>



<p class="wp-block-paragraph">We believe this recognition validates our dev-first, unified approach to comprehensive supply chain protection and centralized governance.</p>



<p class="wp-block-paragraph">Gartner evaluated vendors across two critical dimensions, Completeness of Vision and Ability to Execute. We feel our placement underscores our innovation in supply chain risk detection and our ability to deliver measurable business impact for enterprises managing complex software dependencies.</p>



<figure class="wp-block-image size-full is-resized"><img decoding="async" width="2314" height="2560" src="https://checkmarx.com/wp-content/uploads/2026/06/Figure1-scaled.png" alt="" class="wp-image-113469" style="aspect-ratio:0.9039092055485498;width:597px;height:auto" srcset="https://checkmarx.com/wp-content/uploads/2026/06/Figure1-scaled.png 2314w, https://checkmarx.com/wp-content/uploads/2026/06/Figure1-271x300.png 271w, https://checkmarx.com/wp-content/uploads/2026/06/Figure1-926x1024.png 926w, https://checkmarx.com/wp-content/uploads/2026/06/Figure1-768x849.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/Figure1-1389x1536.png 1389w, https://checkmarx.com/wp-content/uploads/2026/06/Figure1-1852x2048.png 1852w, https://checkmarx.com/wp-content/uploads/2026/06/Figure1-529x585.png 529w" sizes="(max-width: 2314px) 100vw, 2314px" /><figcaption class="wp-element-caption"><em>This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Checkmarx.</em></figcaption></figure>



<h2 class="wp-block-heading article-anchor" id="securing-the-supply-chain">Securing the Supply Chain</h2>



<p class="wp-block-paragraph">We believe this recognition reinforces our commitment to helping organizations detect and remediate supply chain risks in a way that fits seamlessly into how development teams work.</p>



<p class="wp-block-paragraph">By embedding security directly into developer workflows, through IDE integration, source control, and CI/CD pipelines, Checkmarx One makes it easy to catch supply chain risks early without slowing teams down. The unified platform covers SCA, container security, malicious package detection, secrets detection, SBOM generation, and our recently launched <a href="https://checkmarx.com/ai-bom/?utm_source=blog_announcement&amp;utm_medium=blog&amp;utm_campaign=gartner_mq_sscs_2026">AI-BOM solution</a> for managing AI components with audit-ready documentation.</p>



<h2 class="wp-block-heading article-anchor" id="ready-to-learn-more">Ready to Learn More?</h2>



<p class="wp-block-paragraph">Access the 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security report or request a demo to learn more about Checkmarx One Software Supply Chain solutions.</p>









<div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained">
<p class="wp-block-paragraph"><em><sup>Gartner, Magic Quadrant for Software Supply Chain Security, Aaron Lord, Jason Gross, Johnny Walters, June 17, 2026.</sup></em></p>
</div></div>



<p class="wp-block-paragraph"><em><sup>Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.</sup></em></p>






<p class="wp-block-paragraph"><em><sup>Gartner and Magic Quadrant are trademarks of Gartner, Inc. and/or its affiliates.</sup></em></p>]]></content:encoded>
					
		
		
		
		<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/Figure1-150x150.png" />
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/Figure1-scaled.png" medium="image">
			<media:title type="html">Figure1</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/Figure1-150x150.png" />
		</media:content>
	</item>
		<item>
		<title>Your Scanner&#8217;s Accuracy Claims Are Only Half the Story</title>
		<link>https://checkmarx.com/blog/your-scanners-accuracy-claims-are-only-half-the-story/</link>
		
		<dc:creator><![CDATA[Avi Hein]]></dc:creator>
		<pubDate>Tue, 16 Jun 2026 04:53:51 +0000</pubDate>
				<category><![CDATA[AI & LLM Tools in Application Security]]></category>
		<category><![CDATA[Blog]]></category>
		<category><![CDATA[SAST]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<category><![CDATA[Agentic AppSec]]></category>
		<category><![CDATA[AI generated code]]></category>
		<category><![CDATA[AppSec]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=113276</guid>

					<description><![CDATA[At some point, developers on your team stopped acting on security findings. Not because they stopped caring about security, but because they learned that most findings are not real. A scanner flooded the queue with so much noise that ignoring it became the rational response. The question is how did that happen, and how can [&#8230;]]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">At some point, developers on your team stopped acting on security findings. Not because they stopped caring about security, but because they learned that most findings are not real. A scanner flooded the queue with so much noise that ignoring it became the rational response.</p>



<p class="wp-block-paragraph">The question is how that happened, and how you can evaluate whether your next tool will do the same thing.</p>



<p class="wp-block-paragraph">It comes down to how vendors measure accuracy.</p>



<p class="wp-block-paragraph">A scanner can lower its false positive count by simply flagging fewer things, but this means real vulnerabilities are passing through undetected. A scanner can also raise its detection rate by flagging everything, but this means your developers spend their time chasing noise until they stop looking at findings altogether. Both outcomes look fine on the summary slide – but neither is fine in practice.</p>



<p class="wp-block-paragraph">The metric that closes this loophole is the F<sub>1</sub> score, a specific type of F-score that weighs precision and recall equally. Improving it requires improving both simultaneously – gains in one don&#8217;t compensate for weakness in the other.</p>



<p class="wp-block-paragraph">It&#8217;s also why most AppSec vendors don&#8217;t advertise their F<sub>1</sub> score: the numbers reveal what they’d rather hide. Publish a weak F<sub>1</sub> and they’re admitting either that the scanner either misses critical vulnerabilities or that it drowns users in false positives. And neither is a compelling sales pitch.</p>



<h2 class="wp-block-heading article-anchor" id="the-basics-precision-and-recall">The Basics: Precision and Recall</h2>



<p class="wp-block-paragraph">Every security scanner produces four types of outputs:</p>



<ul class="wp-block-list">
<li>
<strong>True positives (TP)</strong>: real weaknesses the scanner correctly identified.</li>



<li>
<strong>False positives (FP)</strong>: findings that are not actually weaknesses.</li>



<li>
<strong>False negatives (FN)</strong>: real weaknesses the scanner missed.</li>



<li>
<strong>True negatives (TN)</strong>: clean code that the scanner correctly ignored.</li>
</ul>



<p class="wp-block-paragraph"><strong>Precision</strong> measures the share of findings that are real: <em>𝑇𝑃 / (𝑇𝑃 + 𝐹𝑃)</em>.<br>A high-precision scanner means fewer false positives so your team spends less time investigating findings that turn out to be nothing. The catch is that a scanner can achieve perfect precision by flagging almost nothing, which means real vulnerabilities sail through undetected.</p>



<p class="wp-block-paragraph"><strong>Recall</strong> measures the share of real vulnerabilities that were found: <em>𝑇𝑃 / (𝑇𝑃 + 𝐹𝑁)</em>.<br>A high-recall scanner misses very little. The catch is that a scanner can achieve perfect recall by flagging everything, which destroys the signal-to-noise ratio (and sends your developers back to ignoring the queue).</p>



<p class="wp-block-paragraph">AppSec vendors exploit this tension constantly. A tool can reduce false positives by simply reporting fewer findings, which quietly creates false negatives, letting real vulnerabilities pass through undetected. The tool looks precise on paper, but the vulnerabilities it stopped flagging didn&#8217;t disappear – they just stopped showing up in the report.</p>



<figure class="wp-block-image size-full is-resized"><img decoding="async" width="906" height="726" src="https://checkmarx.com/wp-content/uploads/2026/06/image-3.png" alt="" class="wp-image-113277" style="aspect-ratio:1.247939831472411;width:671px;height:auto" srcset="https://checkmarx.com/wp-content/uploads/2026/06/image-3.png 906w, https://checkmarx.com/wp-content/uploads/2026/06/image-3-300x240.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/image-3-768x615.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/image-3-730x585.png 730w, https://checkmarx.com/wp-content/uploads/2026/06/image-3-374x300.png 374w" sizes="(max-width: 906px) 100vw, 906px" /><figcaption class="wp-element-caption"><em>These two measures pull against each other. Optimizing for one in isolation tends to hurt the other.</em></figcaption></figure>



<h2 class="wp-block-heading article-anchor" id="what-the-f-score-captures">What the F Score Captures</h2>



<p class="wp-block-paragraph">The F score is the harmonic mean of precision and recall, a single number that captures both at once:</p>



<p class="has-text-align-center wp-block-paragraph"><math data-latex="F_1 = 2 \times \frac{\text{Precision} \times \text{Recall}}{\text{Precision} + \text{Recall}}"><semantics><mrow><msub><mi>F</mi><mn>1</mn></msub><mo>=</mo><mn>2</mn><mo>×</mo><mfrac><mrow><mtext>Precision</mtext><mo>×</mo><mtext>Recall</mtext></mrow><mrow><mtext>Precision</mtext><mo>+</mo><mtext>Recall</mtext></mrow></mfrac></mrow><annotation encoding="application/x-tex">F_1 = 2 \times \frac{\text{Precision} \times \text{Recall}}{\text{Precision} + \text{Recall}}</annotation></semantics></math></p>



<p class="wp-block-paragraph">Unlike a simple average, the harmonic mean heavily penalizes imbalance. A scanner with 90% precision but only 10% recall scores 0.18, not 0.5. Both numbers must be high at the same time to produce a strong F<sub>1</sub> score. You cannot hide a weak recall behind a strong precision score, which is exactly what makes it a more honest benchmark than either metric alone.</p>



<p class="wp-block-paragraph">An F<sub>1</sub> score runs from 0 to 1. What counts as a good score depends on the data being analyzed. Controlled benchmark studies with purpose-built vulnerable code tend to produce higher scores across all tool categories than tests on real production code. On real production code, scores are lower across the board &#8211; for traditional SAST tools, LLM-native reviewers, and hybrid approaches alike. This isn’t a flaw in the tools, but a reflection of how messy the real world is compared to carefully constructed examples.</p>



<p class="wp-block-paragraph">This is why the test dataset matters as much as the score itself. A vendor quoting an F<sub>1</sub> score based on a controlled benchmark is making a very different claim than one quoting a score from real production code. And, if a vendor does not name the dataset, that is worth asking about.</p>



<h2 class="wp-block-heading article-anchor" id="why-this-matters-for-sast">Why This Matters for SAST</h2>



<p class="wp-block-paragraph">Static application security testing (SAST) is a classification problem at scale. On a single codebase, a scanner might analyze thousands of code paths and return hundreds of findings. For AppSec teams managing backlogs, false positives from scanners teach developers to ignore scanner output, leading to worse security outcomes.</p>



<p class="wp-block-paragraph">Traditional rules-based SAST engines tend to favor high recall: find every possible match for known patterns. The tradeoff is well understood: by casting a wider net, they inevitably produce a higher false positive rate. Most security teams have learned to accept this as the cost of minimizing missed vulnerabilities.</p>



<p class="wp-block-paragraph">AI-driven scanners take a different approach. Because they aren’t limited to simple pattern-matching, they can reason about the code in ways rules-based SAST engines cannot. But they introduce a different challenge: an AI model reviewing the code can&#8217;t self-police. It’s the computational equivalent of the fox guarding the hen house.</p>



<p class="wp-block-paragraph">Some vendors address the false positive problem by reducing recall, so the findings look cleaner, which in turn quietly increases false negatives. Vulnerabilities that are missed do not announce themselves – and as a result, vendors can advertise low false positive rates while quietly allowing more real issues to slip through. This is precisely why the F<sub>1</sub> score matters. It makes the “low FP” trick harder to get away with. Vendors that report recall without precision (or precision without recall) are just emphasizing whichever metric presents their product more favorably. The F<sub>1</sub> score puts both dimensions on the table simultaneously, providing a more balanced measure of scanner effectiveness.</p>



<h2 class="wp-block-heading article-anchor" id="what-good-looks-like-in-practice">What Good Looks Like in Practice</h2>



<p class="wp-block-paragraph">Checkmarx Zero research published benchmark data from a study across seven production codebases (Istio, indico, OpenMRS, Mezzanine, SimplCommerce, Jellyfin, ThreatByte) comparing hybrid SAST against LLM-native scanning with Claude Opus 4.7. The results:</p>



<ul class="wp-block-list">
<li>
<strong>Checkmarx SAST</strong>: F<sub>1</sub> score of 0.64</li>



<li>
<strong>Claude Opus 4.7</strong> (standalone LLM reviewer): F<sub>1</sub> score of approximately 0.20</li>
</ul>



<p class="wp-block-paragraph">The gap is significant. Checkmarx Zero research tested an LLM-augmented SAST engine head-to-head against Claude Opus 4.7 across seven real production codebases in Python, Go, and C#, covering 747 findings. The Checkmarx engine had an 11% higher true positive rate than Opus 4.7 and found 327 additional true positives that Opus missed entirely, while Opus 4.7 generated a 44.1% false positive rate. Nearly half its findings were wrong.</p>



<figure class="wp-block-image size-full is-resized"><img decoding="async" width="1600" height="1031" src="https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image.png" alt="" class="wp-image-113337" style="aspect-ratio:1.5519182471637656;width:764px;height:auto" srcset="https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image.png 1600w, https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image-300x193.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image-1024x660.png 1024w, https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image-768x495.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image-1536x990.png 1536w, https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image-908x585.png 908w, https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image-400x258.png 400w" sizes="(max-width: 1600px) 100vw, 1600px" /></figure>



<p class="wp-block-paragraph">The gap comes from architecture, not just model quality. The hybrid approach runs a deterministic rules engine first, extends coverage with a purpose-built AI model, then applies a classification layer that filters findings before they reach the analyst. Each layer addresses what the others cannot do alone.</p>



<p class="wp-block-paragraph">For the full methodology and benchmark detail: <a href="https://checkmarx.com/llm-application-security-governing-ai-driven-risk/">LLM Application Security: Governing AI-Driven Risk Across the Software Lifecycle</a>.</p>



<h2 class="wp-block-heading article-anchor" id="how-to-use-f-score-to-evaluate-a-scanner">How to Use F Score To Evaluate a Scanner</h2>



<p class="wp-block-paragraph">If the F<sub>1</sub> score is the most balanced measure of scanner performance, then it should also be one of the first metrics you ask about when evaluating a vendor. Unlike standalone precision or recall figures, the F score makes it much harder to hide tradeoffs between finding vulnerabilities and avoiding false alarms.</p>



<p class="wp-block-paragraph">Start by asking a vendor for their scanner’s F<sub>1</sub> score on a defined, real-world codebase. The dataset matters. Purpose-built, vulnerable-by-design projects are useful for research and benchmarking, but do not represent production code. What matters is results from real code shipped by real software teams.</p>



<p class="wp-block-paragraph">Ask if precision and recall are reported separately. A vendor willing to disclose both numbers is making a more credible claim than one that highlights only detection rates or false positive reduction. Without both numbers, it’s impossible to understand the actual performance.</p>



<p class="wp-block-paragraph">Watch for vendors who improve one metric by degrading the other. Lower false positives achieved by missing more vulnerabilities is not an accuracy improvement. F<sub>1</sub> exposes exactly that tradeoff.</p>



<p class="wp-block-paragraph">If a vendor cannot provide an F<sub>1</sub> score or refuses to identify the test dataset, that should prompt further investigation before making a purchasing decision.</p>



<h2 class="wp-block-heading article-anchor" id="the-bottom-line">The Bottom Line</h2>



<p class="wp-block-paragraph">Security vendors will always have metrics, benchmarks, and marketing claims. Detection rates, false positive reductions, and accuracy scores can all look impressive in isolation. The problem is that each tells only part of the story – and many can only be improved by optimizing one outcome while sacrificing the other.</p>



<p class="wp-block-paragraph">The F<sub>1</sub> score is different. It rewards scanners that can do both: find real vulnerabilities and avoid overwhelming teams with false alarms. A scanner cannot achieve a strong F<sub>1</sub> score by excelling at only one side of that equation.</p>



<p class="wp-block-paragraph">That is why the F<sub>1</sub> score is one of the most useful measures of scanner performance. It forces precision and recall to be evaluated together, making tradeoffs visible instead of hiding them behind carefully selected statistics.</p>



<p class="wp-block-paragraph">When a vendor can provide an F<sub>1</sub> score on a named, real-world dataset, they are making a claim that can be examined, challenged, and compared. When they avoid quoting one, it is worth asking why.</p>



<p class="wp-block-paragraph">That is the starting point for any honest conversation about scanner accuracy.</p>



<p class="wp-block-paragraph"><em>See how our <a href="https://checkmarx.com/cxsast-source-code-scanning/">Checkmarx SAST</a> helps reduce noise, uncover more real vulnerabilities, and deliver balanced performance across precision and recall.</em></p>]]></content:encoded>
					
		
		
		
		<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-3-150x150.png" />
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/image-3.png" medium="image">
			<media:title type="html">image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-3-150x150.png" />
		</media:content>
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image.png" medium="image">
			<media:title type="html">Code_Generated_Image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/Code_Generated_Image-150x150.png" />
		</media:content>
	</item>
		<item>
		<title>Checkmarx Security, Delivered Through Every AI Tool Your Team Already Uses</title>
		<link>https://checkmarx.com/blog/checkmarx-security-delivered-through-every-ai-tool-your-team-already-uses/</link>
		
		<dc:creator><![CDATA[Steve Boone]]></dc:creator>
		<pubDate>Mon, 15 Jun 2026 15:27:17 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[AppSec]]></category>
		<category><![CDATA[Checkmarx MCP]]></category>
		<category><![CDATA[Developer]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=113067</guid>

					<description><![CDATA[Introducing&#160;Checkmarx&#160;MCP Server, a single connection that puts your security data inside Claude Code, Windsurf, ChatGPT, and any other MCP-compatible AI tool. No context switching. No custom&#160;integrations.&#160;Security where the work actually happens. Security is falling behind how software actually gets built.&#160; Developers are spending more of their day inside AI assistants than inside any web platform. [&#8230;]]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph"><em>Introducing&nbsp;Checkmarx&nbsp;MCP Server, a single connection that puts your security data inside Claude Code, Windsurf, ChatGPT, and any other MCP-compatible AI tool. No context switching. No custom&nbsp;integrations.&nbsp;Security where the work actually happens.</em></p>



<p class="wp-block-paragraph">Security is falling behind how software actually gets built.&nbsp;</p>



<p class="wp-block-paragraph">Developers are spending more of their day inside AI assistants than inside any web platform. AppSec teams are answering the same questions,&nbsp;what are my riskiest projects, which findings need triage, how does this week compare to last,&nbsp;but still doing it by logging in, clicking through dashboards, and switching between tools. Security leaders need visibility on demand, not after a report gets pulled.&nbsp;</p>



<p class="wp-block-paragraph">The interface layer is changing. AI assistants are becoming the primary way people interact with their tools. In a growing number of cases, agents are executing workflows without a visible interface at&nbsp;all, triggering&nbsp;builds, resolving dependencies, making decisions without a human ever opening a tool. This is what headless application security looks like in practice: security that either&nbsp;participates&nbsp;in the workflow at execution&nbsp;time, or&nbsp;misses it entirely.&nbsp;</p>



<p class="wp-block-paragraph">If security is not present in that layer, it gets consulted after the fact. Or not at all.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="why-this-matters-now">Why This Matters Now&nbsp;</h2>



<p class="wp-block-paragraph">MCP has quickly become the standard for connecting AI tools to external systems.&nbsp;</p>



<p class="wp-block-paragraph">MCP-related SDKs reached 97 million monthly downloads within their first year. OpenAI adopted MCP in early 2025, deprecating its own Assistants API. In December 2025, Anthropic donated the protocol to the Linux Foundation, with OpenAI, Microsoft, AWS, Cloudflare, and Bloomberg as founding members.&nbsp;</p>



<p class="wp-block-paragraph">This is no longer an emerging standard. It is the standard.&nbsp;</p>



<p class="wp-block-paragraph">As AI assistants become the primary interface for software development and security operations, the question for every security tool is simple: are you present where decisions get made, or are you consulted after the fact?&nbsp;</p>



<p class="wp-block-paragraph">Today, that question has an answer.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="introducing-checkmarx-mcp-server">Introducing&nbsp;Checkmarx&nbsp;MCP Server&nbsp;</h2>



<p class="wp-block-paragraph">Checkmarx MCP Server connects your&nbsp;Checkmarx&nbsp;One environment directly to any MCP-compatible AI tool, including your IDE assistant, your chat interface, and your automated pipeline.&nbsp;</p>



<p class="wp-block-paragraph">Configure it once, and Checkmarx becomes a native tool available everywhere your team already works.&nbsp;</p>



<p class="wp-block-paragraph"><strong>Built for How Security Work Actually Happens</strong>&nbsp;</p>



<p class="wp-block-paragraph">MCP serves the entire security workflow, not just developers.&nbsp;</p>



<p class="wp-block-paragraph">Developers stay in flow inside their IDE or CLI. They can trigger scans, retrieve findings, drill into vulnerabilities, and explore remediation options without switching tools.&nbsp;</p>



<p class="wp-block-paragraph">AppSec teams replace dashboards with queries. They can ask for findings across projects, compare scan results, and analyze application posture from a chat interface without logging into the platform.&nbsp;</p>



<p class="wp-block-paragraph">Security leaders get instant visibility. They can ask how many critical issues exist across the organization, which applications carry the highest risk, and how posture is changing — without waiting for reports.&nbsp;</p>



<p class="wp-block-paragraph">The result is simple: security moves from a system you visit to something that works alongside you.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="what-you-can-do-with-it">What You Can Do&nbsp;With&nbsp;It&nbsp;</h2>



<p class="wp-block-paragraph">At launch,&nbsp;Checkmarx&nbsp;MCP Server ships with around 20 tools covering the core security workflow directly inside your AI assistant. You can:&nbsp;</p>



<ol start="1" class="wp-block-list">
<li>Trigger SAST, SCA,&nbsp;IaC, and Secrets scans</li>
<li>Retrieve and filter findings with full context</li>
<li>Get risk visibility across projects and applications</li>
<li>Manage applications and projects</li>
<li>Run the complete create to scan to review to act loop without leaving your environment</li>
</ol>



<p class="wp-block-paragraph">These are not raw API calls wrapped in a tool. They are high-level, composable actions designed for natural language interaction, built so an AI agent can reason over them and chain them dynamically based on what you ask.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="simple-to-connect-enterprise-ready-by-design">Simple to Connect, Enterprise Ready by Design&nbsp;</h2>



<p class="wp-block-paragraph">Connecting takes minutes. An admin enables access&nbsp;once&nbsp;and it becomes available across the organization.&nbsp;</p>



<p class="wp-block-paragraph">Developers can connect from any MCP-compatible client through marketplace and connector integrations (available now on Claude, GitHub, Cursor, Visual Studio Code, and OpenAI) that handle configuration automatically. For advanced setups, standard JSON-based configuration is also supported.&nbsp;</p>



<p class="wp-block-paragraph">Enterprise-grade controls are&nbsp;built in&nbsp;from the start, including RBAC passthrough, multi-tenant isolation, audit logging, and TLS. The same security posture you expect from&nbsp;Checkmarx&nbsp;One, extended to the agent layer.&nbsp;</p>



<div class="cxcta">
  <div class="cxcta-card">

    <p class="cxcta-eyebrow"><span class="cxcta-dash" aria-hidden="true"></span>The new agentic application security</p>

    <h2 class="cxcta-title article-anchor" id="secure-what-comes-next">Secure What Comes <span class="cxcta-grad">Next.</span>
</h2>

    <p class="cxcta-intro">Security work is moving into AI assistants, automated pipelines, and multi-agent systems. The interface is changing. The workflows are changing. The expectations are changing. If AI becomes the interface for development, MCP becomes the interface for security. <strong>Checkmarx is already there.</strong></p>

    <div class="cxcta-actions">

      <a class="cxcta-btn cxcta-btn--primary" href="https://checkmarx.com/solutions/checkmarx-mcp/">Explore the MCP Solution<span class="cxcta-arrow" aria-hidden="true">&rarr;</span></a>

      <a class="cxcta-btn cxcta-btn--ghost" href="https://dev.checkmarx.com/free-trial/">Start a Free Developer Assist Trial</a>

    </div>

  </div>
</div>
<!-- ==================== END CHECKMARX CTA CARD ==================== -->]]></content:encoded>
					
		
		
		
	</item>
		<item>
		<title>99% Unpatched: What Mythos, Gartner, and a Nine-Second Disaster Tell Us About the Future of AppSec </title>
		<link>https://checkmarx.com/blog/99-unpatched-what-mythos-gartner-and-a-nine-second-disaster-tell-us-about-the-future-of-appsec/</link>
		
		<dc:creator><![CDATA[Eran Kinsbruner]]></dc:creator>
		<pubDate>Thu, 11 Jun 2026 10:57:20 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=113152</guid>

					<description><![CDATA[There&#8217;s an old metaphor about a frog in slowly boiling water: the temperature rises so gradually that the frog never notices the danger. That could describe the state of modern software development. The water is AI-generated code. Application Security is the frog. And someone just cranked up the heat. Who turned up the heat? Mythos, Anthropic&#8217;s tectonic leap forward in bug detection. The new Claude model has astounding implications for [&#8230;]]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">There&#8217;s an old metaphor about a frog in slowly boiling water: the temperature rises so gradually that the frog never notices the danger. That could describe the state of modern software development. The water is AI-generated code. Application Security is the frog. And someone just cranked up the heat.</p>



<p class="wp-block-paragraph"><strong>Who turned up the heat? Mythos, Anthropic&#8217;s tectonic leap forward in bug detection. The new Claude model has astounding implications for enterprise security. Of the vulnerabilities Mythos has found so far, <a href="https://gartner.com/en/documents/7699225" target="_blank" rel="noreferrer noopener">99% haven&#8217;t been patched</a>, according to Gartner.  </strong><br> <br>That stat came to life at the <a href="https://gartner.com/en/conferences/na/security-risk-management-us" target="_blank" rel="noreferrer noopener">Gartner® Security and Risk Management Summit</a> last week, where a show of hands in a room of roughly 300 security professionals revealed that barely ten had met a 30-day critical patch SLA. Almost none had hit 7 days. All this while Mythos can generate working CVE exploits in 10–15 minutes, at less than $1 per exploit. <br> <br>The reaction in the room said it all: every LLM is a potential attack surface. Mythos has made the tech debt bill come due, by surfacing a massive backlog of findings that can no longer be deferred. </p>



<p class="wp-block-paragraph">It&#8217;s never been faster, cheaper, or easier to do bad things in the digital world. The time to patch is now.</p>






<h2 class="wp-block-heading article-anchor" id="the-call-is-coming-from-inside-the-code"><strong>The Call is Coming from Inside the Code!</strong></h2>



<p class="wp-block-paragraph">Humans aren’t the only ones who can wreak havoc with AI, as I learned from another Gartner session. The most dangerous thing an AI agent does might not be what an attacker tells it to do. It might be what it decides to do on its own. <br> <br>One researcher shared two sobering examples. In the first, an autonomous agent started deleting a director&#8217;s emails unprompted and kept going even after being told to stop. She had to physically unplug the machine. In the second, a company lost its entire production database in nine seconds. It was lost not to a human attacker, but to a coding agent &#8220;helpfully&#8221; searching for an API key that stumbled into a destructive command and crashed the platform.  <br> <br>Unsettling? Yes. Also, exactly the wake-up call the industry needs to stop treating security as a checkpoint and start treating it as infrastructure.</p>






<h2 class="wp-block-heading article-anchor" id="security-as-infrastructure-not-afterthought"><strong>Security as Infrastructure, Not Afterthought</strong></h2>



<p class="wp-block-paragraph">The rapidly evolving threat landscape demands a fundamentally different approach. Organizations large and small must stop treating security as a gate at the end of the pipeline and start embedding it into every phase of development. That means collapsing raw findings into actionable signal, building remediation directly into developer workflows, and maintaining visibility across every layer of the software supply chain.&nbsp;</p>



<p class="wp-block-paragraph">Discovery is table stakes now. Remediation at scale is the true measure of success. CISOs need to stop counting vulnerabilities found and start tracking how fast they fix them.&nbsp;&nbsp;<br>Because in a world where exploits can be generated in minutes for less than a dollar, the backlog IS the breach.&nbsp;</p>






<h2 class="wp-block-heading article-anchor" id="it-starts-with-the-developer">It starts with the developer.</h2>



<p class="wp-block-paragraph">In my talk at this week&#8217;s Summit, &#8220;When Code Secures Itself: The Rise of Agentic AI in Application Security,&#8221; I outlined four control points across the AI development lifecycle and a simple, uncomfortable truth: the cost of fixing a vulnerability rises roughly 10x at every stage you wait.&nbsp;<br>&nbsp;<br>The first control point is the IDE, where AI-generated code is being written. This is where intervention is cheapest, where you have full application context, and where real-time assessment can catch issues before they ever leave the&nbsp;developer&#8217;s&nbsp;screen.&nbsp;&nbsp;<br>&nbsp;<br>The second is the build and CI/CD pipeline, where hybrid deterministic and AI-powered scanning can handle the sheer volume of findings and triage them by real exploitability — not just raw count.&nbsp;&nbsp;<br>&nbsp;<br>The third is the AI supply chain itself: MCP servers, agent frameworks, foundation model SDKs, and fine-tuning pipelines, all of which require deterministic discovery from outside the model.&nbsp;&nbsp;<br>&nbsp;<br>And the fourth is runtime, where dynamic testing extended for AI workloads and application security posture management tie findings back to business context and close the feedback loop.&nbsp;<br>&nbsp;<br>So catching a vulnerability in the IDE is&nbsp;roughly 10x&nbsp;cheaper than catching it in the build, 100x cheaper than in the supply chain, and 1,000x cheaper than in runtime/production.&nbsp;</p>



<p class="wp-block-paragraph">But here’s the harsh reality:&nbsp;<strong>only about one in five developers actually embed security at the point of code creation</strong>.&nbsp;We know this from the&nbsp;2,350 AppSec professionals in 14 countries&nbsp;we surveyed for our most recent Future of Application Security Report.&nbsp;&nbsp;&nbsp;<br>&nbsp;<br>More than 80% of&nbsp;AppSec&nbsp;is&nbsp;conducted at&nbsp;defined stages after the code already exists, or worse, reactively once incidents surface. Flaws caught late are flaws that can be exploited.&nbsp;Flaws that can be thousands of times more expensive to fix.</p>






<h2 class="wp-block-heading article-anchor" id="cast-wide-fix-fast-trust-nothing"><strong>Cast Wide, Fix Fast, Trust Nothing</strong></h2>



<p class="wp-block-paragraph">The future of application security is about casting the widest net possible: probabilistic, deterministic, agentic, and independent&nbsp;capabilities,&nbsp;all working together. These&nbsp;are&nbsp;the principles&nbsp;we&#8217;ve&nbsp;built&nbsp;into the&nbsp;Checkmarx&nbsp;platform, informed by two decades of protecting enterprise code&nbsp;and scanning trillions&nbsp;of lines of it.&nbsp;In my talk at the Summit, I outlined&nbsp;what we at Checkmarx see as the non-negotiables:&nbsp;</p>



<ul class="wp-block-list">
<li>
<strong>The benefits of hybrid scanning.</strong> Deterministic precision combined with AI-augmented reasoning — known patterns and novel zero-days, not one or the other. </li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Importance of prioritization by attackability.</strong> Performance is measured by ranking findings by real-world exploitability, not raw severity scores. Fix what matters first. </li>
</ul>



<ul class="wp-block-list">
<li>
<strong>AI supply chain visibility is critical.</strong> MCP servers, agent frameworks, model SDKs, fine-tuning pipelines, all need to be governed from outside the model, because the student should never grade their own exam. </li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Enterprise-scale governance is mandatory.</strong> Barely one in five companies even have formal AI governance (another concerning stat from our Future of Application Security Report). Organizations need policy management and guardrails that scale across organizations, not just individual developers. </li>
</ul>



<ul class="wp-block-list">
<li>
<strong>Humans in the loop, always.</strong> AI handles the volume and velocity. Real experts stay in control with full oversight, policy enforcement, and audit-ready reporting.  <br>
</li>
</ul>



<h2 class="wp-block-heading article-anchor" id="lets-jump-before-the-water-boils"><strong>Let’s Jump Before the Water Boils</strong></h2>



<p class="wp-block-paragraph">The agents are already here, writing code and taking actions at a speed no human team can manually oversee. The question isn&#8217;t whether you need agentic security — it&#8217;s whether you&#8217;ll have it before the next nine-second disaster.&nbsp;</p>



<p class="wp-block-paragraph">The water is getting hotter. The frog that&nbsp;survives is the one that feels the temperature and jumps before&nbsp;it’s&nbsp;too late.&nbsp;</p>]]></content:encoded>
					
		
		
		
	</item>
		<item>
		<title>Building an AI Security Agent Is Easy. Operating One Is Harder.</title>
		<link>https://checkmarx.com/blog/building-an-ai-security-agent-is-easy-operating-one-is-harder/</link>
		
		<dc:creator><![CDATA[Harshil Parikh]]></dc:creator>
		<pubDate>Wed, 10 Jun 2026 06:32:09 +0000</pubDate>
				<category><![CDATA[AI & LLM Tools in Application Security]]></category>
		<category><![CDATA[Blog]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<category><![CDATA[Agentic AppSec]]></category>
		<category><![CDATA[AI Agents]]></category>
		<category><![CDATA[AI in Engineering]]></category>
		<category><![CDATA[AppSec]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=112921</guid>

					<description><![CDATA[A technical guide on building and operating AI security agents. ]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">Building an AI agent that triages vulnerabilities or generates code fixes has never been easier. With modern frontier models, a team can assemble a convincing prototype in days.</p>



<p class="wp-block-paragraph">The challenge begins when that prototype meets production.</p>



<p class="wp-block-paragraph">Real enterprise environments are messy: large codebases, multiple languages, constantly changing repositories, and strict rules around who can access what. A demo that works on clean, controlled inputs will struggle when it hits that reality – and the failures are often hard to spot until real damage is done.</p>



<p class="wp-block-paragraph">The question isn’t whether you can build an AI security agent. It’s whether you can make it accurate, trustworthy, and dependable at scale.</p>



<h2 class="wp-block-heading article-anchor" id="what-the-demo-gets-wrong">What the Demo Gets Wrong</h2>



<p class="wp-block-paragraph">On the surface, building an AI security agent seems straightforward.</p>



<p class="wp-block-paragraph">Your security scanner flags a potential vulnerability. The agent reads the relevant code and answers two questions: is this real and exploitable? And if so, what&#8217;s the fix? A capable engineer can wire this up in an afternoon, and the same pattern holds for most code-reasoning agents.</p>



<p class="wp-block-paragraph">A basic pipeline is simple enough to build: take the finding, attach the relevant code, send it to a frontier model with a good prompt, and parse what comes back. In a controlled environment, the results can be impressive. The agent appears accurate, useful, and ready for production.</p>



<p class="wp-block-paragraph">The prototype works because its assumptions are controlled: one language, a clean repository, a code snippet that fits in the context window, and all the information needed to make the decision already available. Production removes those assumptions one by one.</p>


<div class="wp-block-image is-style-default wp-duotone-unset-1">
<figure class="aligncenter size-full"><img decoding="async" width="936" height="178" src="https://checkmarx.com/wp-content/uploads/2026/06/image.png" alt="" class="wp-image-112922" srcset="https://checkmarx.com/wp-content/uploads/2026/06/image.png 936w, https://checkmarx.com/wp-content/uploads/2026/06/image-300x57.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/image-768x146.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/image-400x76.png 400w" sizes="(max-width: 936px) 100vw, 936px" /><figcaption class="wp-element-caption"><em>The prototype pipeline: correct often enough to be convincing on curated inputs</em></figcaption></figure>
</div>


<p class="wp-block-paragraph">A real environment generates thousands of findings across dozens of languages and frameworks. Repositories are large monorepos with partial checkouts. The scanned commit may no longer exist. Branches get deleted. The code needed to understand a single finding can span multiple files, services, and dependency versions, far more than can fit into a context window.</p>



<p class="wp-block-paragraph">On top of that, the model itself is non-deterministic. The same input can produce different answers on different runs. The hard part was never the model call. It is everything required to make that call correct, reliable, and repeatable at scale.</p>



<h2 class="wp-block-heading article-anchor" id="the-layers-most-prototypes-ignore">The Layers Most Prototypes Ignore</h2>



<p class="wp-block-paragraph">A production agent isn&#8217;t just a prompt; it&#8217;s three systems working together. Most prototypes focus almost entirely on the first, which is exactly why they struggle in production.</p>



<p class="has-medium-font-size wp-block-paragraph"><strong>1. Prompt engineering</strong></p>



<p class="wp-block-paragraph">This is the part most people think about first: task framing, output schemas, system instructions, and few-shot examples. It determines how the model reasons about a problem. It is essential, but it only controls the model&#8217;s behavior. It does not determine whether the model has the right information or whether its answer can be trusted.</p>



<p class="has-medium-font-size wp-block-paragraph"><strong>2. Context engineering</strong></p>



<p class="wp-block-paragraph">Context engineering is about getting the right information to the model in the first place. That means resolving the exact repository state, tracing data flow, identifying relevant dependencies, and selecting the smallest amount of code needed to make a correct decision. In practice, this is where accuracy is often won or lost.</p>



<p class="has-medium-font-size wp-block-paragraph"><strong>3. Harness engineering</strong></p>



<p class="wp-block-paragraph">Harness engineering is everything around the model that makes it usable in production: orchestration, evaluation, guardrails, isolation, observability, retries, fallbacks, and cost and latency management. It is the layer that turns a capable model into dependable software.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img decoding="async" width="936" height="489" src="https://checkmarx.com/wp-content/uploads/2026/06/image-1.png" alt="" class="wp-image-112923" srcset="https://checkmarx.com/wp-content/uploads/2026/06/image-1.png 936w, https://checkmarx.com/wp-content/uploads/2026/06/image-1-300x157.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/image-1-768x401.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/image-1-400x209.png 400w" sizes="(max-width: 936px) 100vw, 936px" /><figcaption class="wp-element-caption"><em>The engineering iceberg: building the agent is the visible part, but operating it reliably requires everything underneath.</em></figcaption></figure>
</div>


<p class="wp-block-paragraph">Prompt engineering is the visible part of the system. Context engineering and harness engineering are the much larger layers beneath it that determine whether the agent can be trusted in production.</p>



<p class="wp-block-paragraph">Those layers consist of a collection of supporting subsystems that rarely appear in demos but do most of the work required to make the agent reliable:</p>



<h3 class="wp-block-heading"><strong>Data ingestion and normalization </strong></h3>



<p class="wp-block-paragraph">A finding is a pointer, not a payload. The system must resolve the exact file at the scanned commit, across SCM, scanner, and CI systems, with consistent schemas across languages and scanner versions.</p>



<h3 class="wp-block-heading"><strong>Context modeling</strong></h3>



<p class="wp-block-paragraph">A monorepo will not fit in a context window. Techniques such as call-graph traversal and taint analysis identify the specific code, configuration, and dependencies a verdict depends on. The goal is to provide enough context to be correct without overwhelming the model.</p>



<h3 class="wp-block-heading"><strong>Identity and access</strong></h3>



<p class="wp-block-paragraph">The agent acts across repos with different permissions. Results must never expose code a user is not authorized to see, and multi-tenant environments must prevent data leakage between customers.</p>



<h3 class="wp-block-heading"><strong>Workflow integration</strong></h3>



<p class="wp-block-paragraph">A verdict that does not land in a PR, ticket, IDE, or SARIF stream has limited value. The agent must also stay synchronized with the systems that track vulnerability status and ownership, whether that is a ticketing or GRC system or the scanning platform itself. This means deduplication across scans, idempotent comments, and durable state for findings that have already been triaged or dismissed.</p>



<h3 class="wp-block-heading"><strong>Evaluation</strong></h3>



<p class="wp-block-paragraph">Quality must be measured before it can be improved. That requires labeled datasets for triage and remediation outcomes across languages and vulnerability types, along with regression suites that detect when prompts, models, or system changes reduce accuracy.</p>



<h3 class="wp-block-heading"><strong>Security and governance</strong></h3>



<p class="wp-block-paragraph">The agent reasons over attacker-influenced sources and makes decisions an enterprise is accountable for. It needs prompt-injection defenses, human-in-the-loop gates for high-impact actions, and policy controls over what it is allowed to decide on its own versus escalate.</p>



<h2 class="wp-block-heading article-anchor" id="how-it-fails-usually-quietly">How It Fails (Usually Quietly)</h2>



<p class="wp-block-paragraph">A prototype rarely fails with an error message. More often, it returns a confident, well-formatted answer that happens to be wrong. In a security workflow, a plausible wrong answer is harder to detect – and often more damaging – than an obvious failure.</p>



<p class="wp-block-paragraph">Some of the most common failure modes look like this:</p>



<figure class="wp-block-table is-style-regular"><table class="has-fixed-layout"><tbody>
<tr>
<td>Missing or stale context&nbsp;&nbsp;</td>
<td>When the agent cannot retrieve the exact code state a finding refers to,&nbsp;it&nbsp;reasons over a guess. In&nbsp;practice&nbsp;this, rather than model reasoning quality, is&nbsp;frequently&nbsp;the dominant source of incorrect verdicts. The agent does not know what it did not see.&nbsp;&nbsp;</td>
</tr>
<tr>
<td>Plausible&nbsp;but&nbsp;wrong verdicts&nbsp;</td>
<td>A real, exploitable finding gets dismissed with high confidence, or an unreachable one gets escalated. Without reachability and data-flow context, the model has no reliable basis for the call it is making.&nbsp;</td>
</tr>
<tr>
<td>Fixes that break behavior&nbsp;</td>
<td>A remediation can resolve the flagged pattern while silently changing application behavior or introducing a regression. Correct-looking is&nbsp;not the same as&nbsp;correct, and only validation catches the difference.&nbsp;</td>
</tr>
<tr>
<td>Prompt injection via source&nbsp;code&nbsp;</td>
<td>Source code is untrusted input. An attacker-placed comment instructing the model to mark a file safe is a real attack surface unique to agents that read code, and absent from any single-repo demo.&nbsp;</td>
</tr>
<tr>
<td>Evaluation blindness&nbsp;</td>
<td>Without labeled data, quality is unmeasurable. A model swap or prompt tweak that quietly drops accuracy looks identical to one that improves it until users notice, by which&nbsp;point&nbsp;trust is already gone.&nbsp;</td>
</tr>
</tbody></table></figure>



<p class="wp-block-paragraph">Getting an agent to be right most of the time is straightforward. The harder challenge – closing the gap between “works most of the time” and “can be trusted consistently in production” – is where most of the engineering effort lives. Each incremental improvement requires more context, more validation, and more operational controls than the one before it, and the work never really ends because models, threats, and codebases continue to change underneath the system.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img decoding="async" width="936" height="510" src="https://checkmarx.com/wp-content/uploads/2026/06/image-2.png" alt="" class="wp-image-112924" style="aspect-ratio:1.8353133961491193;width:813px;height:auto" srcset="https://checkmarx.com/wp-content/uploads/2026/06/image-2.png 936w, https://checkmarx.com/wp-content/uploads/2026/06/image-2-300x163.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/image-2-768x418.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/image-2-400x218.png 400w" sizes="(max-width: 936px) 100vw, 936px" /></figure>
</div>


<h2 class="wp-block-heading article-anchor" id="its-an-ongoing-commitment-not-a-project">It’s an Ongoing Commitment, Not a Project</h2>



<p class="wp-block-paragraph">Choosing to build an AI security agent internally is not a decision to complete a project. It is a decision to own and operate a long-lived ML system. The initial build is often the smaller investment. The ongoing responsibilities look like this:</p>



<ul class="wp-block-list">
<li>
<strong>Model migration</strong> – Providers deprecate and release models on their schedule. Each change means re-validating every prompt and re-running the full evaluation suite before you can trust it.</li>



<li>
<strong>Evaluation upkeep </strong>– Labeled datasets must grow as new languages, frameworks, and CWEs appear, and as your own codebase evolves. Labeling is slow, expert, and never finished.</li>



<li>
<strong>Coverage expansion</strong> – Every new language or package manager is a new context-extraction and validation effort, not a configuration flag.</li>



<li>
<strong>Drift and regression detection</strong> – Quality degrades silently. Catching it requires production monitoring, sampling, and someone accountable when accuracy slips at 2 a.m.</li>



<li>
<strong>Agent attack surface</strong> – The agent itself is now part of your threat model and needs ongoing security review like any other production service.</li>



<li>
<strong>Audit and compliance</strong> – Every automated decision that dismisses a risk or merges a fix must remain explainable, attributable, and traceable for as long as your retention and regulatory obligations require. An agent whose decisions cannot be reconstructed later is a finding waiting to happen in your next audit.</li>
</ul>



<p class="wp-block-paragraph">Once you understand what it takes to operate the system, the build-versus-buy decision becomes much easier to evaluate.</p>



<h2 class="wp-block-heading article-anchor" id="build-or-buy">Build or Buy?</h2>



<p class="wp-block-paragraph">The question isn&#8217;t whether a capable team could build this. They can. The question is whether this is a capability you want to own and operate.</p>



<p class="wp-block-paragraph"><strong>Building internally tends to make sense when:</strong></p>



<ul class="wp-block-list">
<li>This capability is core, differentiating IP, not supporting infrastructure.</li>



<li>You have a dedicated ML/platform team with capacity to operate it indefinitely.</li>



<li>You can fund continuous evaluation, labeling, and model-migration work as a standing cost.</li>



<li>Your scope is narrow enough (few languages, controlled repos) to keep the context problem tractable.</li>
</ul>



<p class="wp-block-paragraph"><strong>A purpose-built product tends to make sense when:</strong></p>



<ul class="wp-block-list">
<li>You need broad language and framework coverage from day one.</li>



<li>You need audit, isolation, and compliance guarantees out of the box.</li>



<li>You’d rather your security and platform engineers spend cycles on your business, not on operating an ML pipeline.</li>



<li>You want the reliability curve already climbed, and kept climbed as models change.</li>
</ul>



<h2 class="wp-block-heading article-anchor" id="before-you-build-answer-these">Before You Build, Answer These</h2>



<figure class="wp-block-table is-style-regular"><table class="has-fixed-layout"><tbody>
<tr><td>
<strong>☐  </strong>Can you reliably retrieve the exact code state (commit, branch, file) every finding refers to, across all of your repositories? </td></tr>
<tr><td>
<strong>☐  </strong>Do you have labeled evaluation data for triage accuracy and fix quality by language and CWE, and who maintains it?</td></tr>
<tr><td>
<strong>☐&nbsp;&nbsp;</strong>How&nbsp;will&nbsp;you&nbsp;detect and prevent quality regression when a model is deprecated or swapped?&nbsp;</td></tr>
<tr><td>
<strong>☐&nbsp;&nbsp;</strong>How&nbsp;do&nbsp;you&nbsp;defend the agent against prompt injection delivered through attacker-controlled source code?&nbsp;</td></tr>
<tr><td>
<strong>☐ </strong>How do you enforce per-user and per-repo access controls to prevent code leakage, including in multi-team environments?</td></tr>
<tr><td>
<strong>☐  </strong>What’s the plan and budget for expanding coverage of languages, frameworks, and vulnerability classes over time?</td></tr>
<tr><td>
<strong>☐&nbsp;&nbsp;</strong>Can&nbsp;you&nbsp;produce a complete, explainable audit trail for every decision the agent makes automatically?&nbsp;</td></tr>
<tr><td>
<strong>☐&nbsp;&nbsp;</strong>Who&nbsp;is accountable, and on call, when the system silently degrades in production?&nbsp;</td></tr>
</tbody></table></figure>



<h2 class="wp-block-heading article-anchor" id="conclusion">Conclusion</h2>



<p class="wp-block-paragraph">A prompt and a model call can produce an answer. Making that answer reliable, repeatable, and trustworthy across thousands of findings, repositories, and edge cases is the real work.</p>



<p class="wp-block-paragraph">The challenge isn&#8217;t creating the agent. It&#8217;s operating the system around it.</p>]]></content:encoded>
					
		
		
		
		<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-150x150.png" />
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/image.png" medium="image">
			<media:title type="html">image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-150x150.png" />
		</media:content>
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/image-1.png" medium="image">
			<media:title type="html">image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-1-150x150.png" />
		</media:content>
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/image-2.png" medium="image">
			<media:title type="html">image</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/image-2-150x150.png" />
		</media:content>
	</item>
		<item>
		<title>Just Launched: The Future of Application Security in the Era of AI &#8211; 2027 Industry Outlook </title>
		<link>https://checkmarx.com/blog/just-launched-the-future-of-application-security-in-the-era-of-ai-2027-industry-outlook/</link>
		
		<dc:creator><![CDATA[Checkmarx Team]]></dc:creator>
		<pubDate>Tue, 09 Jun 2026 07:08:47 +0000</pubDate>
				<category><![CDATA[AI & LLM Tools in Application Security]]></category>
		<category><![CDATA[Application Security Trends & Insights]]></category>
		<category><![CDATA[Blog]]></category>
		<category><![CDATA[CISO Strategy & Leadership in Application Security]]></category>
		<category><![CDATA[Secure Coding Best Practices for Developers]]></category>
		<category><![CDATA[2027]]></category>
		<category><![CDATA[Agentic AppSec]]></category>
		<category><![CDATA[AI generated code]]></category>
		<category><![CDATA[CISO]]></category>
		<category><![CDATA[Industry Reports]]></category>
		<category><![CDATA[Vulnerability Remediation]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=112897</guid>

					<description><![CDATA[Application security has entered a dangerously paradoxical new phase: Organizations now have more visibility into application security risk than at any point in history. AI-powered detection tools are in virtually every developer&#8217;s IDE. Breach data is abundant. The threat landscape is well-documented.  And yet, the industry&#8217;s response to all of this visibility has been to build structures that neutralize it, filtering, delaying, and deprioritizing risk at [&#8230;]]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">Application security has entered a dangerously paradoxical new phase: Organizations now have more visibility into application security risk than at any point in history. AI-powered detection tools are in virtually every developer&#8217;s IDE. Breach data is abundant. The threat landscape is well-documented.  And yet, the industry&#8217;s response to all of this visibility has been to build structures that neutralize it, filtering, delaying, and deprioritizing risk at every decision layer. </p>



<p class="wp-block-paragraph">That is the central finding of&nbsp;<em>The Future of Application Security in the Era of AI</em>,&nbsp;global research&nbsp;conducted&nbsp;annually&nbsp;by&nbsp;Censuswide&nbsp;on behalf of Checkmarx and published today.&nbsp;</p>



<p class="wp-block-paragraph">The report&nbsp;is based on a survey of 2,350 CISOs, AppSec managers, and developers across 14 countries&nbsp;&#8211;&nbsp;our largest sample to date&nbsp;&#8211;&nbsp;and it describes an industry that has solved detection but&nbsp;can&#8217;t&nbsp;close the gap between finding a vulnerability and fixing it.&nbsp;<br>&nbsp;<br>Up until April, this tension was barely&nbsp;viable. Then Anthropic disclosed Mythos — a model capable of discovering and exploiting long-standing vulnerabilities across major operating systems and browsers, producing working exploits&nbsp;nearly 100&nbsp;times more&nbsp;frequently&nbsp;than its predecessor.&nbsp;&nbsp;</p>



<p class="wp-block-paragraph">A&nbsp;world where&nbsp;a&nbsp;third of organizations leave half their vulnerabilities unfixed for&nbsp;90 days&nbsp;cannot survive a reality where&nbsp;Mythos and the models to follow it&nbsp;exist. The clock now runs in minutes, not&nbsp;months.&nbsp;&nbsp;</p>



<p class="wp-block-paragraph"><a href="https://checkmarx.com/foa-report/?utm_source=blog&amp;utm_medium=referral&amp;utm_campaign=foa_report_2027_launch">Read the full report. </a></p>



<h2 class="wp-block-heading article-anchor" id="what-the-data-reveals">What the Data Reveals&nbsp;</h2>



<p class="wp-block-paragraph">Two years after AI code generation went mainstream, the development environment has fundamentally changed. But the systems responsible for securing it have not.&nbsp;</p>



<p class="wp-block-paragraph"><strong>Most code&nbsp;isn&#8217;t&nbsp;really yours anymore.</strong>&nbsp;49% of production code is now AI-generated. 67% of organizations report that open-source components make up at least&nbsp;half&nbsp;their codebase. Human-written first-party code is no longer the norm. The developer role has shifted from author to editor, and the security model built for human-authored code&nbsp;hasn&#8217;t&nbsp;shifted with it.&nbsp;</p>



<p class="wp-block-paragraph"><strong>More AI code means more risk — and the correlation is linear.</strong> We segmented all 2,350 respondents by how much of their production code is AI-generated, then compared each group&#8217;s rate of shipping known-vulnerable code. Organizations where 81-100% of code is AI-generated ship vulnerable code at 3.4x the rate of those at 1-20%. The pattern is clear across every bracket: 14% → 19% → 23% → 36% → 47%. And 70% of developers themselves confirm that AI code generation tools introduced more vulnerabilities in 2025. <br></p>



<figure class="wp-block-image size-full"><img decoding="async" width="997" height="597" src="https://checkmarx.com/wp-content/uploads/2026/06/3.4.png" alt="Organizations where 81-100% of code is AI-generated ship vulnerable code at 3.4x the rate of those at 1-20%. " class="wp-image-112898" srcset="https://checkmarx.com/wp-content/uploads/2026/06/3.4.png 997w, https://checkmarx.com/wp-content/uploads/2026/06/3.4-300x180.png 300w, https://checkmarx.com/wp-content/uploads/2026/06/3.4-768x460.png 768w, https://checkmarx.com/wp-content/uploads/2026/06/3.4-977x585.png 977w, https://checkmarx.com/wp-content/uploads/2026/06/3.4-400x240.png 400w" sizes="(max-width: 997px) 100vw, 997px" /></figure>



<p class="wp-block-paragraph"><strong>Risk is normalized — from the bottom up and the top down.</strong>&nbsp;75% of organizations knowingly deploy vulnerable code. 30% ship hoping the vulnerability&nbsp;won&#8217;t&nbsp;be found. At the leadership level, 95% of CISOs report being pressured to suppress or delay compliance-related security findings — 47%&nbsp;frequently. Budgets are growing (46% increased year-over-year), but only 19% of CISOs say their budget allows them to proactively reduce risk. The rest are&nbsp;operating&nbsp;in reactive or constrained modes where known risk is tolerated by design.&nbsp;</p>



<p class="wp-block-paragraph"><strong>Three roles, three realities.</strong>&nbsp;For the first time, this report analyzes how CISOs, AppSec managers, and developers&nbsp;diverge on&nbsp;the same questions — and the gaps are significant. CISOs say 11% of organizations were breach-free in the past year. Developers say 8%. AppSec managers — closest to the risk — say 1%. On shadow AI: CISOs see 5%,&nbsp;AppSec sees 18%. On whether AI coding is governed: CISOs and developers say 27-28% is &#8220;standardized and governed.&#8221; AppSec says 12%. The people responsible for security&nbsp;can&#8217;t&nbsp;agree on&nbsp;what&#8217;s&nbsp;happening inside their own organizations.&nbsp;</p>



<p class="wp-block-paragraph"><strong>Confidence and outcomes move in opposite directions.</strong>&nbsp;73% of CISOs and AppSec managers rate their security posture as advanced or highly mature. Yet 81% of organizations were breached twice or more in the past 12 months, and 48% three or more times. The most striking finding: organizations that rate themselves &#8220;highly mature&#8221; report the highest AI code volumes (60%), the highest rates of shipping vulnerable code (42%), and breach rates&nbsp;virtually identical&nbsp;to the rest of the industry.&nbsp;</p>



<p class="wp-block-paragraph"><strong>The tools work. The system&nbsp;doesn&#8217;t.</strong>&nbsp;96% of developers have AI-based security tooling in their IDE. Virtually all (99.6%)&nbsp;rate it&nbsp;effective. Yet only 18% apply security continuously as code is written — 82% still rely on checkpoints. Only 9% of organizations fix more than 90% of vulnerabilities within&nbsp;90 days. A third leave half their known vulnerabilities unfixed within that window. Detection is solved. The organizational response is&nbsp;not.&nbsp;</p>



<p class="wp-block-paragraph"><strong>Developers are&nbsp;set up&nbsp;to fail.</strong>&nbsp;Developers spend&nbsp;nearly half&nbsp;(49%) of their time on security and still ship vulnerable code at the highest rate of any group (32% &#8220;often&#8221;). When remediation fails, they face consequences on every front: post-mortems (39%), performance reviews (37%), escalation (36%), blocked releases (33%). Yet the systems contributing to that failure — tools generating low-value findings (37%), unclear guidance (38%),&nbsp;feedback arriving too late (38%) — remain unfixed.&nbsp;All of&nbsp;the accountability, none of the support.&nbsp;</p>



<h2 class="wp-block-heading article-anchor" id="whats-in-the-report">What&#8217;s&nbsp;in the report&nbsp;</h2>



<p class="wp-block-paragraph">The full report goes deeper:&nbsp;</p>



<ul class="wp-block-list">
<li>Regional breakdowns across 14 countries and three regions — including why Europe leads on breach rates, budget increases, and slowest remediation simultaneously</li>
<li>The complete cross-tabulation analysis linking AI code volume to vulnerable code deployment and breach frequency</li>
<li>The three-way perception gap: how CISOs, AppSec managers, and developers report fundamentally different versions of the same reality</li>
<li>The confidence paradox: why &#8220;highly mature&#8221; organizations sit at the top of every risk curve</li>
<li>The developer burden data: time spent, friction sources, consequences, and why the current model is failing them</li>
<li>Six strategic imperatives for closing the gap between detection and action — including the case for agentic security</li>
</ul>



<p class="wp-block-paragraph">From governance frameworks to the autonomy question to the case for agentic security, it&#8217;s not only the most comprehensive and up-to-date survey of how AppSec is practiced across the industry — it&#8217;s the playbook for what organizations need to do to stop letting known risks survive the decision chain.&nbsp;</p>



<p class="wp-block-paragraph"><a href="https://checkmarx.com/foa-report/?utm_source=blog&amp;utm_medium=referral&amp;utm_campaign=foa_report_2027_launch">Read the full report. </a></p>]]></content:encoded>
					
		
		
		
		<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/3.4-150x150.png" />
		<media:content url="https://checkmarx.com/wp-content/uploads/2026/06/3.4.png" medium="image">
			<media:title type="html">3.4</media:title>
			<media:thumbnail url="https://checkmarx.com/wp-content/uploads/2026/06/3.4-150x150.png" />
		</media:content>
	</item>
		<item>
		<title>Update: Ongoing Checkmarx Supply Chain Security Incident</title>
		<link>https://checkmarx.com/blog/ongoing-security-updates/</link>
		
		<dc:creator><![CDATA[Checkmarx Team]]></dc:creator>
		<pubDate>Mon, 01 Jun 2026 14:53:39 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Checkmarx Security Update]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=108697</guid>

					<description><![CDATA[Supply Chain Security Incident Summary Updated June 4, 2026 The following is designed to provide an incident summary and central location for updates that have previously been provided. Situation Overview Checkmarx experienced a cybersecurity supply chain incident affecting certain developer artifacts distributed through third-party channels. On March 23, 2026, Checkmarx identified that attackers gained unauthorized [&#8230;]]]></description>
										<content:encoded><![CDATA[
<div class="cx-incident">
<p><strong>Supply Chain Security Incident Summary</strong><br />
<strong>Updated June 4, 2026</strong></p>
<p>The following is designed to provide an incident summary and central location for updates that have previously been provided.</p>
<h2 class="cx-section-title article-anchor" id="situation-overview">Situation Overview</h2>
<p>Checkmarx experienced a cybersecurity supply chain incident affecting certain developer artifacts distributed through third-party channels.</p>
<p>On March 23, 2026, Checkmarx identified that attackers gained unauthorized access to Checkmarx’s GitHub repositories. This access occurred on March 19, 2026 due to the Trivy Supply Chain Attack. This access enabled the publication of malicious code to a number of externally distributed artifacts, including VS Code extensions, GitHub Actions workflows, and a Jenkins plugin. In addition, a cybercriminal group published data to the dark web that our investigation indicates originated from Checkmarx’s GitHub repositories.</p>
<p>Our investigation, conducted with the support of external forensic specialists including Mandiant, is in its final stages.</p>
<h2 class="cx-section-title article-anchor" id="timeline">Timeline</h2>
<p>The following is a timeline of events and updates.</p>
<div class="cx-timeline-wrap">
<table class="cx-timeline-table" role="grid">
<thead>
<tr>
<th scope="col">Date</th>
<th scope="col">Title</th>
<th scope="col">Description</th>
<th scope="col">Update</th>
</tr>
</thead>
<tbody>
<tr tabindex="0" data-target="acc-may9" onclick="(function(){['acc-may22','acc-may9'].forEach(function(t){var i=document.getElementById(t);if(!i)return;i.classList.add('is-open');var b=i.querySelector('.cx-acc__btn');if(b)b.setAttribute('aria-expanded','true');});var first=document.getElementById('acc-may22');setTimeout(function(){var r=first.getBoundingClientRect();window.scrollTo({top:r.top+(window.pageYOffset||document.documentElement.scrollTop)-100,behavior:'smooth'});},50);})()" onkeydown="if(event.key==='Enter'||event.key===' '){event.preventDefault();this.click();}">
<td>9-May-2026</td>
<td>Jenkins Plugin Compromise</td>
<td>External service account modified Jenkins AST plugin and published to Jenkins Marketplace</td>
<td class="cx-link-col">Incident Update: Friday, May 22, 2026<br />Incident Update: Saturday, May 9, 2026</td>
</tr>
<tr tabindex="0" data-target="acc-apr27" onclick="(function(){['acc-apr27','acc-apr26'].forEach(function(t){var i=document.getElementById(t);if(!i)return;i.classList.add('is-open');var b=i.querySelector('.cx-acc__btn');if(b)b.setAttribute('aria-expanded','true');});var first=document.getElementById('acc-apr27');setTimeout(function(){var r=first.getBoundingClientRect();window.scrollTo({top:r.top+(window.pageYOffset||document.documentElement.scrollTop)-100,behavior:'smooth'});},50);})()" onkeydown="if(event.key==='Enter'||event.key===' '){event.preventDefault();this.click();}">
<td>25-Apr-2026</td>
<td>Dark Web Leak</td>
<td>Data exfiltrated from Checkmarx GitHub repos March 30 using compromised credentials from March wave; cyber-criminals published to dark web April 25</td>
<td class="cx-link-col">Incident Update: Monday, April 27, 2026<br />Incident Update: Sunday, April 26, 2026</td>
</tr>
<tr tabindex="0" data-target="acc-apr22" onclick="(function(t){var i=document.getElementById(t);if(!i)return;i.classList.add('is-open');var b=i.querySelector('.cx-acc__btn');if(b)b.setAttribute('aria-expanded','true');setTimeout(function(){var r=i.getBoundingClientRect();window.scrollTo({top:r.top+(window.pageYOffset||document.documentElement.scrollTop)-100,behavior:'smooth'});},50);})('acc-apr22')" onkeydown="if(event.key==='Enter'||event.key===' '){event.preventDefault();this.click();}">
<td>22-Apr-2026</td>
<td>Second Wave Artifacts</td>
<td>Cached credentials enable publication of malicious KICS Docker image, updated VSCode &amp; DevAssist extensions, and GitHub Action</td>
<td class="cx-link-col">Incident Update: Wednesday, April 22, 2026</td>
</tr>
<tr tabindex="0" data-target="acc-mar23" onclick="(function(t){var i=document.getElementById(t);if(!i)return;i.classList.add('is-open');var b=i.querySelector('.cx-acc__btn');if(b)b.setAttribute('aria-expanded','true');setTimeout(function(){var r=i.getBoundingClientRect();window.scrollTo({top:r.top+(window.pageYOffset||document.documentElement.scrollTop)-100,behavior:'smooth'});},50);})('acc-mar23')" onkeydown="if(event.key==='Enter'||event.key===' '){event.preventDefault();this.click();}">
<td>23-Mar-2026</td>
<td>Supply Chain Entry</td>
<td>Team PCP compromises Trivy; stolen credentials used to publish malicious GitHub Actions &amp; VSCode extensions to OpenVSX</td>
<td class="cx-link-col">Incident Update: Monday, March 23, 2026</td>
</tr>
</tbody>
</table>
</div>
<h2 class="cx-section-title article-anchor" id="actions-taken">Actions Taken</h2>
<p>Since the first day of the incident, Checkmarx has been conducting active investigation and remediation efforts. Key actions taken to date include:</p>
<ul>
<li>Removed malicious artifacts and published clean, verified replacements across all affected channels</li>
<li>Rotated and revoked exposed credentials, with validation and follow-up rotation continuing as the investigation progresses</li>
<li>Blocked outbound access to attacker-controlled infrastructure</li>
<li>Implementing additional security controls, tools, and access restrictions within our development environment</li>
<li>Locked down access to affected GitHub repositories while the investigation continues</li>
<li>Engaged law enforcement and notified relevant authorities</li>
<li>Retained Mandiant, an elite incident response and digital forensics firm, to bolster our investigation</li>
<li>Conducting a code audit to verify no further malicious code is present beyond findings already identified</li>
<li>Reviewing our environments for any indications of further compromise</li>
</ul>
<p>We are now in the final stages of our investigation. We will provide further updates as our investigation progresses.</p>
<h2 class="cx-section-title article-anchor" id="incident-updates">Incident Updates</h2>
<div class="cx-acc" id="cx-incident-acc">
<div class="cx-acc__item" id="acc-jun4">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Incident Update: Thursday, June 4, 2026</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>We continue to work with our incident response specialists, including Mandiant, to finalize our investigation following the supply chain incident that occurred in March. They are conducting multiple parallel workstreams focused on verified remediation, additional security hardening, and threat hunting.</p>
<p>Based on their review to date, Mandiant has confirmed the following:</p>
<ul>
<li>The AWS production environment was not impacted</li>
<li>There was no threat actor access to the Checkmarx One SaaS environment</li>
<li>Mandiant confirmed that threat actor activity was limited to the Checkmarx GitHub environment, a limited number of infected workstations, and initial reconnaissance of Checkmarx AWS credentials</li>
<li>Malicious code was removed from the Checkmarx GitHub environment</li>
<li>The last evidence of threat actor activity within the Checkmarx environment occurred on April 22, 2026</li>
</ul>
<p>In parallel with the investigation, Checkmarx is partnering with Mandiant on a program of containment and hardening across our development and production environments. Mandiant&rsquo;s completed and validated work to date includes enhancements to our GitHub organization settings and CI/CD pipeline security, elimination of long-lived static credentials in favor of stronger authentication methods, and additional hardening and monitoring across our AWS environments. This work is ongoing and Mandiant is actively validating Checkmarx&rsquo;s credential rotation.</p>
<p>Rest assured, our primary goal continues to be communicating with you transparently and providing updates as new information becomes available. We thank our customers for your patience as we work with Mandiant to finalize our investigation and we will continue to work hard to maintain your trust in our products and services.</p>
</div>
</div>
</div>
<div class="cx-acc__item" id="acc-may22">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Incident Update: Friday, May 22, 2026</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>Over the past week and while our investigation is continuing, we held a series of conversations and calls with our customers so they could hear directly from us about the progress we are making in our response to the supply chain incident. We hope that these sessions were helpful in better understanding what has happened and what actions Checkmarx is taking in response.</p>
<p>We are sharing below the FAQs from these conversations. If you have further questions, please continue to direct these to your Checkmarx account team.</p>
<h3>Frequently Asked Questions</h3>
<h4>What is the status of the investigation?</h4>
<p>While we are continuing to investigate, we want to reiterate two key points from our investigation so far:</p>
<ul>
<li>The incident occurred within our GitHub environment. To date, our investigation has not identified impact beyond the Checkmarx GitHub environment and a limited number of infected workstations. As an added precautionary measure in the meantime, we proactively disconnected our release pipeline from production during the initial stages of our response.</li>
<li>The malicious artifacts did not override previously published, known safe versions. Customers using versions or SHAs published prior to the affected timeframes (see below) are not affected by the artifact compromises themselves. A full list of affected artifacts, malicious tags, and SHAs is available in the updates below and in the Customer Support Portal.</li>
</ul>
<p>We have retained Mandiant, an elite incident response, digital forensics, and threat intelligence firm to confirm and further support our investigation, security hardening, and threat hunting efforts and to ensure no residual access remains. We will provide further updates as our investigation progresses.</p>
<h4>What measures are being taken to prevent this from happening again?</h4>
<p>We are undertaking, in partnership with Mandiant, a thorough investigation and implementing a robust set of containment measures and forward-looking controls to protect Checkmarx and our customers. To date, we have revoked all publishing permissions, revoked all classic GitHub personal access tokens, moved to OIDC authentication across the SDLC, and deployed additional monitoring and forensic tooling.</p>
<p>We are continuing to work alongside Mandiant to conduct a structured verification phase to confirm the scope of the incident and that no residual access paths remain.</p>
<h4>What steps should customers take to protect themselves?</h4>
<p>We recommend that our customers follow these best practices:</p>
<ul>
<li>Pin to specific SHAs rather than mutable tags (latest, debian, alpine)</li>
<li>Disable auto-update on IDE extensions</li>
<li>Scan images at pull time and validate signatures</li>
<li>Restrict egress from CI runners to an allowlist; monitor outbound connections for unexpected domains</li>
<li>Treat CI runner credentials as short-lived and tightly scoped</li>
</ul>
<p>In addition, a full list of recommended actions for our customers can be found in the incident updates below.</p>
<h4>Was the May 9 Jenkins AST plugin activity part of the original incident?</h4>
<p>Our assessment based on currently available evidence is that the threat actor was able to leverage access, obtained as part of the March incident, to later publish the modified version of the Jenkins plugin on May 9. This plugin has now been removed and clean replacement versions have been published (2.0.13-848.v76e89de8a_053 and 2.0.13-847.v08c0072b_2fd5).</p>
<p>The malicious payload associated with the modified plugin targets lists of file paths for common applications, each tailored to a specific operating system (WIN, LINUX, OSX). After determining the OS, it traverses the corresponding file list looking for credentials. Targeted applications include crypto wallets, VPNs, AWS, and GitHub. We are still conducting malware analysis to understand the specific paths, but to date we have not seen any references to Jenkins.</p>
<p>If you use the Jenkins AST plugin, we recommend the following actions:</p>
<ul>
<li>Ensure you are on one of the clean replacement versions listed above, or on 2.0.13-829.vc72453fa_1c16 from December 17, 2025 or earlier. The malicious window was 2026-05-09 01:25 UTC to 2026-05-10 08:47 UTC. We recommend rotating all credentials accessible to any pipeline that executed the malicious payload.</li>
<li>Hunt across your environment using the indicators below.</li>
</ul>
<h4>File Characteristics</h4>
<div class="cx-data-table-wrap">
<table class="cx-data-table">
<thead>
<tr>
<th>File Name</th>
<th>File Type</th>
<th>Size (bytes)</th>
<th>MD5</th>
<th>SHA256</th>
</tr>
</thead>
<tbody>
<tr>
<td>cli.js</td>
<td>TXT</td>
<td>488,465</td>
<td>9f9f83795fc162b7e44bc6859fc80535</td>
<td>08352b4c37808a25895cda1cae27ec8a83cf7ee9de15e2d4dd9560a2906730f4</td>
</tr>
</tbody>
</table>
</div>
<h4>Network-based Indicators</h4>
<p><strong>Connections</strong></p>
<ul>
<li>hxxps[:]//api[.]github[.]com:443/user</li>
<li>hxxps[:]//registry[.]npmjs[.]org:443/-/whoami</li>
</ul>
<p><strong>HTTP Headers</strong></p>
<ul>
<li>User-Agent: node</li>
<li>Accept: application/vnd.github+json</li>
</ul>
<h4>Has any customer data been affected as part of this incident?</h4>
<p>Based on currently available evidence, we believe that the data the threat actor published to the dark web originated from Checkmarx&rsquo;s GitHub repository. As standard practice, we do not store customer data in our GitHub repository. The investigation into the nature and scope of any impacted data remains ongoing. We will notify customers individually if any personal or sensitive data relating to them was affected.</p>
<h4>Will you share a written incident summary with customers?</h4>
<p>We will share a post-incident summary covering findings, remediation, and forward-looking controls with customers upon request.</p>
</div>
</div>
</div>
<div class="cx-acc__item" id="acc-may9">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Incident Update: Saturday, May 9, 2026</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>We are aware that a modified version of the Checkmarx Jenkins AST plugin was published to the Jenkins Marketplace. We are in the process of publishing a new version of this plug-in.</p>
<p>If you are using the Checkmarx Jenkins AST Plugin, ensure that you are using version 2.0.13-829.vc72453fa_1c16, published on Dec. 17, 2025, or an earlier version.</p>
<p>We will continue to share updates as we have them available.</p>
<p><strong>Checkmarx Jenkins AST Plugin IOCs (malicious artifacts)</strong></p>
<div class="cx-data-table-wrap">
<table class="cx-data-table">
<tbody>
<tr>
<td class="cx-label">Marketplace</td>
<td><a href="https://plugins.jenkins.io/checkmarx-ast-scanner/">Checkmarx AST Scanner (plugins.jenkins.io)</a></td>
</tr>
<tr>
<td class="cx-label">Version</td>
<td>2026.5.09</td>
</tr>
<tr>
<td class="cx-label">File</td>
<td>checkmarx-ast-scanner-2026.5.09.hpi</td>
</tr>
<tr>
<td class="cx-label">SHA256</td>
<td>01ff1e56fd59a8fa525d97e670f7f297a1a204331b89b2cd4e36a9abc6419203</td>
</tr>
<tr>
<td class="cx-label">File</td>
<td>checkmarx-ast-scanner-2026.5.09.jar</td>
</tr>
<tr>
<td class="cx-label">SHA256</td>
<td>f50a96d26a5b0beb29de4127e82b2bf350c21511e5a43d286e43f798dc6cd53f</td>
</tr>
<tr>
<td class="cx-label">File</td>
<td>checkmarx-ast-scanner-2026.5.09.pom</td>
</tr>
<tr>
<td class="cx-label">SHA256</td>
<td>3ddb8967919a801b3c383e58cddceab21138134c6a26560d99e2672e86f36f2a</td>
</tr>
<tr>
<td class="cx-label">Window</td>
<td>2026-05-09 01:25:00 UTC to 2026-05-10 08:47:00 UTC</td>
</tr>
</tbody>
</table>
</div>
<h3>Latest SHAs:</h3>
<p>
2.0.13-848.v76e89de8a_053<br />
Released: May 9, 2026<br />
SHA-1: 65e4fbfbfb66dfd4a6e2e521e879cfa1b5745282<br />
SHA-256: db7e0a5eb292810fb9d68224596dd3fa887d094f37021073fb5b5b2a232bcd23<br />
Requires Jenkins 2.452.4
</p>
<p>
2.0.13-847.v08c0072b_2fd5<br />
Released: May 9, 2026<br />
SHA-1: f430ce10bf8bb66ab133a257ab4063b8055d23de<br />
SHA-256: 894c1a245f30ffe168f4dfda48f36ba5c1bc9da7d0f093a8095d8aed92d0fcd8<br />
Requires Jenkins 2.452.4
</p>
</div>
</div>
</div>
<div class="cx-acc__item" id="acc-apr27">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Incident Update: Monday, April 27, 2026</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<h3>What happened?</h3>
<p>On March 23, 2026, Checkmarx identified a cybersecurity incident originating from the Trivy Supply Chain Attack. The cybersecurity community previously reported on March 19 that the TeamPCP attack affecting the Trivy scanner could potentially be used to harvest credentials from downstream users.</p>
<p>While we are still investigating the incident, we believe this is the likely vector that enabled the attackers to obtain credentials and to gain unauthorized access to our GitHub repositories. As a result of that access, the attackers were able to interact with Checkmarx&rsquo;s GitHub environment and subsequently publish malicious code to certain artifacts.</p>
<p>As part of our investigation into the incident, we identified that exfiltration of data took place on March 30, 2026. A cybercriminal group subsequently published data related to Checkmarx to the dark web on April 25. Current evidence indicates that this data originated from Checkmarx&rsquo;s GitHub repositories, and that access to those repositories was facilitated through the initial supply chain attack of March 23, 2026.</p>
<p><strong>Importantly, Checkmarx&rsquo;s GitHub repositories are maintained separately from our customer production environment. As standard practice, we do not store customer data in our GitHub repository.</strong></p>
<h3>Incident Timeline</h3>
<div class="cx-banner">● FROM MARCH 23 — DAY ONE ONWARDS<br />
<span style="font-weight:400;display:block;margin-top:6px;">Checkmarx has been conducting active containment, investigation, remediation and communication efforts continuously from the first day of the incident.</span>
</div>
<div class="cx-data-table-wrap">
<table class="cx-evtable">
<tbody>
<tr class="cx-month">
<td colspan="4">— MARCH —</td>
</tr>
<tr>
<td class="cx-bar cx-bar-breach"></td>
<td class="cx-date">Mar 23</td>
<td class="cx-tag cx-tag-breach">EVENT</td>
<td>
<strong>Compromised artifacts published</strong><br />
Malicious Checkmarx artifacts are published. Attacker pushes malicious code directly into the Checkmarx GitHub repository.
<p>Containment, investigation, remediation and communication efforts commenced immediately, and remain ongoing.</p>
</td>
</tr>
<tr class="cx-month">
<td colspan="4">— APRIL —</td>
</tr>
<tr>
<td class="cx-bar cx-bar-persistence"></td>
<td class="cx-date">Apr 22</td>
<td class="cx-tag cx-tag-persistence">PERSISTENCE</td>
<td>
<strong>Compromised artifacts published</strong><br />
A second wave of malicious Checkmarx artifacts is published, indicating continued or renewed attacker access.
</td>
</tr>
<tr>
<td class="cx-bar cx-bar-disclosure"></td>
<td class="cx-date">Apr 25</td>
<td class="cx-tag cx-tag-disclosure">DISCLOSURE</td>
<td>
<strong>LAPSUS$ publishes stolen data</strong><br />
LAPSUS$ publicly releases data stamped March 30, nearly one month after the suspected exfiltration of data from the Checkmarx GitHub repository by the attacker.
</td>
</tr>
</tbody>
</table>
</div>
<div class="cx-legend">
<span><span class="cx-sq" style="background:#c0392b;"></span>Breach / Exfiltration</span><br />
<span><span class="cx-sq" style="background:#d4a017;"></span>Persistence</span><br />
<span><span class="cx-sq" style="background:#1f6feb;"></span>Disclosure</span>
</div>
<h3>Actions we have taken</h3>
<p>Upon identification of the incident, Checkmarx commenced a formal investigation and engaged external forensic specialists to support that work.</p>
<p>Initial steps Checkmarx took to contain and remediate the incident included:</p>
<ul>
<li>Removed unauthorized code and published clean artifacts</li>
<li>Implemented additional safeguards within our development and distribution workflows</li>
<li>Rotated credentials identified as potentially exposed, with validation and follow-up rotation continuing as the investigation progressed</li>
<li>Reviewed our environments for indications of further compromise</li>
</ul>
<p>Following evidence of further malicious artifacts, we took additional steps to strengthen our security posture:</p>
<ul>
<li>Engaged law enforcement to make them aware of the incident</li>
<li>Retained Mandiant, an elite incident response, digital forensics, and threat intelligence firm, to bolster our investigation efforts</li>
<li>Conducted a wider rotation of credentials across the environment</li>
<li>Implemented additional security controls, tools, and access restrictions within our development environment</li>
<li>Performed additional reviews of access pathways and integrations</li>
<li>Locked down access to the affected GitHub repositories while the investigation continues</li>
<li>Began a code audit, currently underway, to verify that no further malicious code is present beyond the findings already identified</li>
</ul>
<p>We are now in the final stages of our investigation and confirming that the unauthorised access has been fully contained. We will share further on this as soon as we are able.</p>
<h3>Additional Information</h3>
<p>We have communicated with our customers throughout this process and will continue to provide relevant updates as more information becomes available. Further information, including recommended steps customers can take, is available on our Support Portal or in our Security Updates.</p>
</div>
</div>
</div>
<div class="cx-acc__item" id="acc-apr26">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Incident Update: Sunday, April 26, 2026</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<h3>New Development: GitHub Repository</h3>
<p>We are writing to inform you of a new development in the ongoing Checkmarx supply chain security incident.</p>
<p>Our investigation, conducted with support from a leading third-party forensic firm, indicates that a cybercriminal group has published data related to Checkmarx to the dark web. Based on current evidence, we believe this data originated from Checkmarx&rsquo;s GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026.</p>
<p><strong>Checkmarx&rsquo;s GitHub repository is maintained separately from our customer production environment. As standard practice, we do not store customer data in our GitHub repository.</strong> Our forensic investigation is ongoing and we are actively working to verify the nature and scope of the posted data.</p>
<p>As part of our immediate response, we have locked down access to the affected GitHub repository while the investigation continues.</p>
<p>If we determine that customer information was involved in this incident, we will notify customers and all relevant parties immediately.</p>
<p>We expect to share a more detailed update within 24 hours.</p>
<h3>Questions and Support</h3>
<p>If you have questions about this incident or need assistance assessing your environment, please open a case via the <a href="https://support.checkmarx.com/s/" target="_blank" rel="noopener">Support Portal</a>.</p>
</div>
</div>
</div>
<div class="cx-acc__item" id="acc-apr22">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Incident Update: Wednesday, April 22, 2026</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<h3>What Happened</h3>
<p>On April 22, we communicated with customers about a new development in the supply chain security incident that our team is actively investigating and addressing. We deeply value the trust you place in Checkmarx and are committed to keeping our customers informed as we continue to respond.</p>
<p>As part of our immediate response, we retained outside experts and are working around the clock to get to the bottom of this as quickly as possible. In the interim, we are sharing key findings to date and recommended actions for our customers to take.</p>
<h3>Key Findings</h3>
<p>Notably, our investigation thus far indicates that the malicious artifacts did <strong>not</strong> override previously published, known safe versions. Customers using versions or SHAs published prior to the affected timeframes are <strong>not affected.</strong></p>
<h3>Affected Artifacts</h3>
<p>The following artifacts have been identified as potentially affected:</p>
<ol>
<li>
<strong>Checkmarx public DockerHub KICS image</strong> &mdash; <a href="https://hub.docker.com/r/checkmarx/kics">https://hub.docker.com/r/checkmarx/kics</a>
<ol>
<li>Malicious tags: v2.1.20-debian, v2.1.21-debian, debian, v2.1.21, v2.1.20, alpine, v2.1.20, v2.1.21, latest</li>
<li>Malicious SHAs: sha256:222e6bfed0f3b, sha256:9183908decd0f, sha256:a6871deb0480e, sha256:ff7b0f114f87c, sha256:1b01a97753780, sha256:2588a44890263, sha256:54f8a56bf1f71, sha256:d186161ae8e33, sha256:415610a42c5b5, sha256:e35bc6afc4857, sha256:a0d9366f6f016, sha256:903eef3c05f6e, sha256:26e8e9c5e53c9, sha256:7391b531a07fc, sha256:4c963fa00e585</li>
<li>Timeframe: from 2026-04-22 12:31:35.883 UTC to 2026-04-22 12:59:46.562 UTC</li>
</ol>
</li>
<li>
<strong>Checkmarx public ast-github-action</strong> &mdash; <a href="https://github.com/checkmarx/ast-github-action">https://github.com/checkmarx/ast-github-action</a>
<ol>
<li>Malicious tags: 2.3.35</li>
<li>Timeframe: from 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC</li>
</ol>
</li>
<li>
<strong>Checkmarx VS Code extension</strong>
<ol>
<li>Microsoft marketplace: <a href="https://marketplace.visualstudio.com/items?itemName=checkmarx.ast-results">https://marketplace.visualstudio.com/items?itemName=checkmarx.ast-results</a>
</li>
<li>Open VSX marketplace: <a href="https://open-vsx.org/extension/checkmarx/ast-results">https://open-vsx.org/extension/checkmarx/ast-results</a>
</li>
<li>Malicious tags: 2.63, 2.66</li>
<li>Timeframe &mdash; Microsoft marketplace: from 2026-04-22 13:06:00 UTC to 2026-04-22 17:48:00 UTC<br />Timeframe &mdash; Open VSX marketplace: from 2026-04-22 13:06:00 UTC to 2026-04-22 21:20:00 UTC</li>
</ol>
</li>
<li>
<strong>Checkmarx Developer Assist extension</strong>
<ol>
<li>Microsoft marketplace: <a href="https://marketplace.visualstudio.com/items?itemName=checkmarx.cx-dev-assist">https://marketplace.visualstudio.com/items?itemName=checkmarx.cx-dev-assist</a>
</li>
<li>Open VSX marketplace: <a href="https://open-vsx.org/extension/checkmarx/cx-dev-assist">https://open-vsx.org/extension/checkmarx/cx-dev-assist</a>
</li>
<li>Malicious tags: 1.17, 1.19</li>
<li>Timeframe &mdash; Microsoft marketplace: from 2026-04-22 13:06:00 UTC to 2026-04-22 17:48:00 UTC<br />Timeframe &mdash; Open VSX marketplace: from 2026-04-22 13:06:00 UTC to 2026-04-22 21:20:00 UTC</li>
</ol>
</li>
</ol>
<h3>Actions We&rsquo;ve Taken</h3>
<p>To date, in response to this development we have:</p>
<ol>
<li>Removed the malicious artifacts;</li>
<li>Revoked and rotated exposed credentials;</li>
<li>Blocked outbound access to attacker-controlled infrastructure;</li>
<li>Reviewed our environments for any signs of further compromise;</li>
<li>Initiated a forensic investigation with the assistance of an independent, third-party forensic firm.</li>
</ol>
<h3>Recommended Actions</h3>
<p>We recommend that our customers take the following steps as soon as possible:</p>
<ol>
<li>Block access to these domains and IP addresses:
<ol>
<li>checkmarx.cx =&gt; 91[.]195[.]240[.]123</li>
<li>audit.checkmarx.cx =&gt; 94[.]154[.]172[.]43</li>
</ol>
</li>
<li>Use pinned SHAs and review or disable auto-update settings in IDE marketplaces</li>
<li>Rotate secrets and credentials if a compromise is suspected or detected
<ol>
<li>DockerHub KICS image: latest, v2.1.20, alpine, Debian</li>
<li>Checkmarx ast-github-action: v2.3.36</li>
<li>Checkmarx VS Code extensions: v2.67.0</li>
<li>Checkmarx Developer Assist extension: v1.18.0</li>
</ol>
</li>
</ol>
<h3>Guidance for CxSAST On-Premise Customers</h3>
<p>We have received questions from customers running CxSAST on-premise about whether their environments are within the scope of this incident. This communication outlines what is, and is not, in scope for your specific environment (CxSAST on-premise and CxSAST hosted), and the limited circumstance under which you may need to take action.</p>
<h3>Scope Summary</h3>
<p>Based on our investigation to date, the artifacts confirmed as compromised in this incident are externally distributed components associated with Checkmarx One. They are not part of, and are not delivered with, a CxSAST on-premise installation. Specifically:</p>
<ul>
<li>
<strong>CxSAST on-premise itself was not compromised.</strong> The incident affected externally distributed artifacts, not the CxSAST product or its installer.</li>
<li>
<strong>Checkmarx One (SaaS) infrastructure has not been identified as compromised.</strong> We mention this for completeness, as customer questions often span both deployment models.</li>
<li>The compromised GitHub Actions (<code>checkmarx/ast-github-action</code> and <code>checkmarx/kics-github-action</code>) are used to invoke Checkmarx One scans from CI/CD pipelines. They are not used by CxSAST on-premise customers in that role.</li>
<li>The compromised VS Code extensions (<code>checkmarx.ast-results</code> and <code>checkmarx.cx-dev-assist</code>) are the Checkmarx One IDE integrations. The CxSAST on-premise IDE plugin is a separate component and was not affected.</li>
</ul>
<p>Although CxSAST on-premise is out of scope for the compromised artifacts, an incident of this nature warrants standard security vigilance regardless of deployment model. Below we outline the specific conditions that would require a CxSAST on-premise customer to take action as a result of this incident.</p>
<h3>Action Required If Applicable</h3>
<p>If your organization independently uses the open-source KICS scanner — specifically by pulling the public KICS image from Docker Hub (<a href="https://hub.docker.com/r/checkmarx/kics">hub.docker.com/r/checkmarx/kics</a>) outside of any CxSAST or Checkmarx One workflow — we recommend further action if the image was pulled during the affected time window. This image is distinct from the CxSAST product and from the IaC scanning capability built into Checkmarx One.</p>
<p>The compromised KICS image was present on Docker Hub during the following window:</p>
<ul>
<li>From 2026-04-22 12:31:35 UTC to 2026-04-22 12:59:46 UTC.</li>
</ul>
<p>If you did not pull from Docker Hub during this window, you do not need to take further action. If you did, or are uncertain, please verify the image SHA against the list of malicious SHAs in our <a href="https://checkmarx.com/blog/ongoing-security-updates/"><strong>public advisory</strong></a>. Treat any match as a potential compromise of the host that pulled the image, and take further action as appropriate.</p>
<h3>Precautionary Actions for All Customers</h3>
<p>For most CxSAST on-premise customers, no product-level remediation is required. As precautionary measures aligned with the broader incident, we recommend:</p>
<ul>
<li>Block outbound access at the network perimeter to: <code>checkmarx.cx</code> (91.195.240.123), <code>audit.checkmarx.cx</code> (94.154.172.43), <code>updates.checkmarx.cx</code> (94.154.172.183), and <code>checkmarx.zone</code> (associated with the March 23 round).</li>
<li>If your developers use VS Code, confirm that any installed Checkmarx extensions are sourced from the official Microsoft VS Code Marketplace and are current safe versions (<code>ast-results</code> v2.67.0 and Developer Assist v1.18.0 or v1.20.0). Consider temporarily disabling auto-update on these extensions until the investigation is closed.</li>
<li>Review CI/CD logs and developer workstation telemetry for outbound connections to any of the domains and IPs above during the affected windows.</li>
</ul>
<h3>Where to Go for Help</h3>
<p>For environment-specific questions, please open a Support case via the Support Portal at <a href="https://support.checkmarx.com/s/">support.checkmarx.com</a>.</p>
<p>We will continue to update this page as our investigation progresses.</p>
<h3>Next Steps</h3>
<p>This is an ongoing investigation. Please continue to monitor the <a href="https://support.checkmarx.com/CheckmarxCustomerServiceCommunity/s/article/Checkmarx-Security-Incident-22-April-2026">Checkmarx Community Incident Page</a> for more information.</p>
<p>If you have questions about this development, please open a case via the Support Portal.</p>
<p>We are grateful for your continued support and patience as we work to address this incident.</p>
</div>
</div>
</div>
<div class="cx-acc__item" id="acc-mar23">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Incident Update: Monday, March 23, 2026</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>On March 23, 2026, Checkmarx identified a cybersecurity supply chain incident affecting certain Checkmarx-related developer artifacts distributed via third-party channels.</p>
<p>This post contains a structured overview of the incident and the steps we have taken to date, as well as additional resources to support our clients and team members.</p>
<h3>What Happened</h3>
<p>On March 23, 2026, Checkmarx was the target of a cybersecurity supply chain incident which affected two specific plugins distributed via the OpenVSX marketplace and two of our GitHub Actions workflows.</p>
<h3>OpenVSX Plugins</h3>
<p>On March 23, 2026, at approximately 02:53 UTC, malicious versions of two plugins were published to the OpenVSX registry.</p>
<p>Only organizations that downloaded the following artifacts from OpenVSX on March 23, 2026 between 02:53 UTC and 15:41 UTC and ran them are potentially impacted by this incident.</p>
<ul>
<li>ast-results-2.53.0.vsix</li>
<li>cx-dev-assist-1.7.0.vsix</li>
</ul>
<p>The affected plug-ins are no longer available and all older GitHub versions have been permanently removed.</p>
<p>Plugins downloaded from the VS Code Marketplace were not affected.</p>
<h3>Recommended actions</h3>
<p>The following guidance is provided as a precautionary measure to support customer-led assessments and remediation, where relevant to their environments.</p>
<p>If a client downloaded and ran either of the above extensions from the Open VSX registry, their organization may be affected.</p>
<p>If the client organization may have been affected, we strongly recommend taking the following steps as soon as possible.</p>
<p><strong>1. Remove Malicious Components</strong></p>
<ul>
<li>Uninstall the following VSIX extensions from all environments:
<ul>
<li>checkmarx.ast-results-2.53.0.vsix</li>
<li>checkmarx.cx-dev-assist-1.7.0.vsix</li>
</ul>
</li>
<li>Use ast-github-action &ndash; v2.3.33 only</li>
<li>Use kics-github-action &ndash; v2.1.20 only</li>
<li>Ensure the extensions are removed from:
<ul>
<li>All developer machines</li>
<li>All VSCode profiles and environments</li>
</ul>
</li>
</ul>
<p><strong>2. Revoke and Rotate Credentials</strong></p>
<h3>GitHub Actions</h3>
<p>An issue was also identified in the KICS and AST GitHub Actions on March 23, 2026. The attacker injected malicious payloads into the following GitHub Actions workflows, which were available between 12:58 and 16:50 UTC:</p>
<ul>
<li>checkmarx/ast-github-action</li>
<li>checkmarx/kics-github-action</li>
</ul>
<p>Maintainers revoked the affected tags, securing access and preventing unauthorized changes.</p>
<p>All GitHub Actions have been updated to the following latest verified releases, and all older versions have been permanently deleted from the organization&rsquo;s repositories:</p>
<ul>
<li>ast-github-action &mdash; v2.3.33 (released March 23, 2026)</li>
<li>kics-github-action &mdash; v2.1.20 (released March 23, 2026)</li>
</ul>
<p>These two versions are the only ones available in our repos. All pipelines must reference only these versions or newer.</p>
<h3>Recommended actions</h3>
<p>If you downloaded the malicious versions of either plugin (ast-results-2.53.0.vsix or cx-dev-assist-1.7.0.vsix) from OpenVSX during the affected period, we strongly recommend following these precautionary steps:</p>
<ul>
<li>Revoke and rotate all secrets and credentials accessible to CI runners during the affected period, including GitHub Personal Access Tokens (PATs), cloud service credentials, and repository or organization-level secrets.</li>
<li>Review GitHub Actions runs, search for suspicious indicators such as references to tpcp.tar.gz, aquasecurity, or checkmarx.zone, and check for unexpected repositories like tpcp-docs. If you find any of these, remove them or contact Checkmarx Support for guidance.</li>
<li>Revoke access to the following tokens, and issue new ones:
<ul>
<li>GitHub credentials</li>
<li>Microsoft Azure access</li>
<li>Google Cloud (GCP) access</li>
<li>AWS access</li>
<li>Kubernetes service account tokens and kubeconfigs</li>
<li>SSH keys</li>
<li>Docker registry credentials</li>
</ul>
</li>
<li>Block malicious infrastructure by restricting access to checkmarx[.]zone, and review historical network traffic for any communication with this domain</li>
<li>Review logs and systems for GitHub activity such as unexpected API usage, suspicious repositories or artifacts such as docs-tpcp and/or tpcp.tar.gz, unauthorized releases or CI-triggered changes</li>
<li>For any token, key or credential revoked in the previous steps:
<ul>
<li>Review related activity within the exposure time frame to validate that no lateral movement took place</li>
<li>Monitor for any future attempts to use these credentials to identify ongoing attempts to attack infrastructure</li>
</ul>
</li>
</ul>
<h3>Containment &amp; Remediation</h3>
<p>Upon identification of the issue, we took immediate steps to contain and remediate the incident. We removed the unauthorized code, pinned our workflows to safe verified commit SHAs, revoked and rotated relevant credentials, blocked outbound access to the attacker-controlled domain, and reviewed our environments for any signs of further compromise.</p>
<h3>Investigation Status</h3>
<p>We have commenced a formal investigation and engaged external forensic specialists to support that work. This investigation is ongoing and includes investigating the behaviour and objectives of the malicious code.</p>
<p>Available information indicates that the primary functionality of the code was focused on the attempted collection and exfiltration of credentials and secrets from affected environments, without evidence to date that such data was successfully exfiltrated from any customer environment.</p>
<p>Based on the investigation to date, and subject to the evidential limitations described below, we recommend continued vigilance and that you notify us promptly if you become aware of any suspicious activity.</p>
<p>While the investigation is ongoing, to date, we do not have evidence indicating that the incident resulted in unauthorised access to customer data or systems or that data held by Checkmarx has been accessed, nor can we yet confirm that any particular customer environment was compromised.</p>
<p>It is important to note that because the affected artefacts execute within customer-controlled environments, confirmation of whether a particular customer was impacted depends on an assessment of those environments, rather than on telemetry held by Checkmarx. Those CI/CD pipelines and developer workstations are customer-controlled environments, and Checkmarx does not have independent visibility into their execution or logs.</p>
</div>
</div>
</div>
</div>
<h2 class="cx-section-title article-anchor" id="commitment">Our Commitment to You</h2>
<p>Protecting the security and privacy of our clients and team members is a responsibility we hold to the highest standard. The investigation into the nature and scope of any impacted data remains ongoing. We will notify customers individually if any personal or sensitive data relating to them was affected.</p>
<p>If you have questions or need assistance assessing your environment, please reach out to our security team at <a href="mailto:infosec@checkmarx.com">infosec@checkmarx.com</a> or open a case via the <a href="https://support.checkmarx.com/s/" target="_blank" rel="noopener">Support Portal</a>. Detailed assessment and remediation guidance, including indicators of compromise and recommended next steps, is also available on the Support Portal.</p>
<h2 class="cx-section-title article-anchor" id="faqs">Frequently Asked Questions</h2>
<div class="cx-acc" id="cx-faq-acc">
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">What is the status of the investigation?</button>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>While we are continuing to investigate, we want to reiterate two key points from our investigation so far:</p>
<ul>
<li>The incident occurred within our GitHub environment. To date, our investigation has not identified impact beyond the Checkmarx GitHub environment and a limited number of infected workstations. As an added precautionary measure in the meantime, we proactively disconnected our release pipeline from production during the initial stages of our response.</li>
<li>The malicious artifacts did not override previously published, known safe versions. Customers using versions or SHAs published prior to the affected timeframes (see below) are not affected by the artifact compromises themselves. A full list of affected artifacts, malicious tags, and SHAs is available in the updates below and in the Customer Support Portal.</li>
</ul>
<p>We have retained Mandiant, an elite incident response, digital forensics, and threat intelligence firm, to confirm and further support our investigation, security hardening, and threat hunting efforts and to ensure no residual access remains. We will provide further updates as our investigation progresses.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">What measures are being taken to prevent this from happening again?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>We are undertaking, in partnership with Mandiant, a thorough investigation and implementing a robust set of containment measures and forward-looking controls to protect Checkmarx and our customers. To date, we have revoked all publishing permissions, revoked all classic GitHub personal access tokens, moved to OIDC authentication across the SDLC, and deployed additional monitoring and forensic tooling.</p>
<p>We are continuing to work alongside Mandiant to conduct a structured verification phase to confirm the scope of the incident and that no residual access paths remain.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">What steps should customers take to protect themselves?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>We recommend that our customers follow these best practices:</p>
<ul>
<li>Pin to specific SHAs rather than mutable tags (latest, debian, alpine)</li>
<li>Disable auto-update on IDE extensions</li>
<li>Scan images at pull time and validate signatures</li>
<li>Restrict egress from CI runners to an allowlist; monitor outbound connections for unexpected domains</li>
<li>Treat CI runner credentials as short-lived and tightly scoped</li>
</ul>
<p>In addition, a full list of recommended actions for our customers can be found in the incident updates above.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Was the May 9 Jenkins AST plugin activity part of the original incident?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>Our assessment based on currently available evidence is that the threat actor was able to leverage access, obtained as part of the March incident, to later publish the modified version of the Jenkins plugin on May 9. This plugin has now been removed and clean replacement versions have been published (2.0.13-848.v76e89de8a_053 and 2.0.13-847.v08c0072b_2fd5).</p>
<p>The malicious payload associated with the modified plugin targets lists of file paths for common applications, each tailored to a specific operating system (WIN, LINUX, OSX). After determining the OS, it traverses the corresponding file list looking for credentials. Targeted applications include crypto wallets, VPNs, AWS, and GitHub. We are still conducting malware analysis to understand the specific paths, but to date we have not seen any references to Jenkins.</p>
<p>If you use the Jenkins AST plugin, we recommend the following actions:</p>
<ul>
<li>Ensure you are on one of the clean replacement versions listed above, or on 2.0.13-829.vc72453fa_1c16 from December 17, 2025 or earlier. The malicious window was 2026-05-09 01:25 UTC to 2026-05-10 08:47 UTC. We recommend rotating all credentials accessible to any pipeline that executed the malicious payload.</li>
<li>Hunt across your environment using the indicators below.</li>
</ul>
<p><strong>File Characteristics</strong></p>
<div class="cx-data-table-wrap">
<table class="cx-data-table">
<thead>
<tr>
<th>File Name</th>
<th>File Type</th>
<th>Size (bytes)</th>
<th>MD5</th>
<th>SHA256</th>
</tr>
</thead>
<tbody>
<tr>
<td>cli.js</td>
<td>TXT</td>
<td>488,465</td>
<td>9f9f83795fc162b7e44bc6859fc80535</td>
<td>08352b4c37808a25895cda1cae27ec8a83cf7ee9de15e2d4dd9560a2906730f4</td>
</tr>
</tbody>
</table>
</div>
<p><strong>Network-based Indicators</strong></p>
<p>Connections:</p>
<ul>
<li>hxxps[:]//api[.]github[.]com:443/user</li>
<li>hxxps[:]//registry[.]npmjs[.]org:443/-/whoami</li>
</ul>
<p>HTTP Headers:</p>
<ul>
<li>User-Agent: node</li>
<li>Accept: application/vnd.github+json</li>
</ul>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Has any customer data been affected as part of this incident?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>Based on currently available evidence, we believe that the data the threat actor published to the dark web originated from Checkmarx&rsquo;s GitHub repository. As standard practice, we do not store customer data in our GitHub repository. The investigation into the nature and scope of any impacted data remains ongoing. We will notify customers individually if any personal or sensitive data relating to them was affected.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Will you share a written incident summary with customers?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>We will share a post-incident summary covering findings, remediation, and forward-looking controls with customers upon request.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">How can a customer determine whether its specific environment was affected?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>Determining whether a specific environment was affected requires a structured assessment across two vectors: CI/CD pipelines and developer workstations.</p>
<p><strong>Assessment &mdash; CI/CD pipelines (GitHub Actions):</strong></p>
<ol>
<li>Search all GitHub workflow files (.github/workflows/*.yml) for references to checkmarx/kics-github-action and checkmarx/ast-github-action.</li>
<li>If references are identified, determine the version or tag in use (e.g., @main, @v2.3.32, a commit SHA).</li>
<li>Ascertain whether any workflow runs referencing these actions occurred during the affected window in March 2026. GitHub Actions run logs are retained for a configurable period and should be reviewed for the relevant timeframe.</li>
<li>If runs occurred during the affected window, review runner logs for: outbound connections to checkmarx[.]zone, execution of a setup.sh script not forming part of the customer&rsquo;s own workflow, or any anomalous network activity.</li>
</ol>
<p><strong>Assessment &mdash; Developer workstations (Open VSX plugins):</strong></p>
<ol>
<li>Identify all developers utilizing VS Code within the organization.</li>
<li>Determine whether Checkmarx extensions were installed from the Open VSX Registry (open-vsx.org) rather than the official VS Code Marketplace (marketplace.visualstudio.com).</li>
<li>Verify the extension version and installation or last-update timestamp. Any Checkmarx VS Code extension installed or auto-updated from the Open VSX Registry during the affected window should be treated as potentially compromised.</li>
<li>Inspect the workstation for the relevant plugin directories (refer to FAQ F10 for applicable paths) and review proxy or DNS logs for connections to checkmarx[.]zone.</li>
</ol>
<p><strong>Important note regarding Checkmarx scan-based detection:</strong></p>
<p>Executing a Checkmarx SAST or SCA scan against your organization&rsquo;s codebase will not detect whether your environment was compromised by this incident. The incident involves malicious code executed within a CI/CD runner or IDE environment and does not constitute a vulnerability in application code that a scan would identify. Exposure assessment must be conducted through log analysis, workstation inspection, and credential audit as described above.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">How did the compromise happen, how was it discovered, and what is Checkmarx doing to prevent similar supply-chain attacks in the future?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>See Checkmarx Security Update, 26 March 2026 (<a href="https://checkmarx.com/blog/ongoing-security-updates/">https://checkmarx.com/blog/ongoing-security-updates/</a>)</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Which Checkmarx GitHub Actions and plugins were affected?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>Both checkmarx/ast-github-action and checkmarx/kics-github-action were affected by this incident, as were the two Open VSX Registry plugins referenced in Checkmarx&rsquo;s security communications.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">What IOCs can Checkmarx share (hashes, filenames/folders, domains, IPs, SHAs, setup.sh artifacts)?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>The following indicators of compromise (IOCs) have been identified through Checkmarx&rsquo;s investigation and independent third-party security research. The investigation remains ongoing and additional IOCs may be published.</p>
<p><strong>Malicious domain / command-and-control infrastructure:</strong></p>
<p>checkmarx[.]zone &mdash; This attacker-controlled domain was intended to be used for the exfiltration of any stolen credentials and secrets. Any outbound DNS query or HTTP/HTTPS connection to this domain originating from CI/CD runners or developer workstations during the affected window should be treated as a confirmed indicator of compromise.</p>
<p><strong>Malicious VSIX filenames (Open VSX):</strong></p>
<ul>
<li>ast-results-[version].vsix</li>
<li>cx-dev-assist-[version].vsix</li>
</ul>
<p>The specific filenames checkmarx.ast-results-2.53.0.vsix and checkmarx.cx-dev-assist-1.7.0.vsix have been referenced in customer communications. Customers should evaluate any version downloaded from the Open VSX Registry during the affected window, not solely these specific version numbers.</p>
<p><strong>On-disk extension directories:</strong></p>
<p>The presence of Open VSX-sourced Checkmarx extension directories within VS Code&rsquo;s extension folder constitutes a potential indicator. Refer to FAQ F10 for applicable file paths.</p>
<p><strong>Runner artifacts (setup.sh):</strong></p>
<p>The compromised GitHub Actions injected a script (setup.sh) on the CI/CD runner as part of the action&rsquo;s initialization sequence. The presence of this script or associated runner artifacts constitutes a behavioral indicator of compromise. The full contents of setup.sh cannot be publicly disclosed at this time given the ongoing investigation.</p>
<p><strong>File hashes (SHA256) &mdash; sourced from Wiz threat intelligence reporting:</strong></p>
<p>ast-results-2.53.0.vsix: 65bd72fcddaf938cefdf55b3323ad29f649a65d4ddd6aea09afa974dfc7f105d</p>
<p>cx-dev-assist-1.7.0.vsix: 744c9d61b66bcd2bb5474d9afeee6c00bb7e0cd32535781da188b80eb59383e0</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Which credentials, secrets, or keys must be rotated, and was only GitHub affected or potentially other credentials too?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>The malicious payload embedded in both the GitHub Actions and the Open VSX plugins was designed to exfiltrate environment variables and secrets from the execution context of the affected GitHub repository.</p>
<p><strong>Credentials at risk &mdash; GitHub Actions (CI/CD):</strong></p>
<p>Any secret configured within the affected GitHub repository or organization and accessible to the workflow at the time the compromised action executed is potentially at risk. This includes, but is not limited to: GITHUB_TOKEN, API keys, cloud provider credentials, database credentials, and Checkmarx API tokens.</p>
<p><strong>Credentials at risk &mdash; Developer workstations (Open VSX plugin exposure):</strong></p>
<p>Any credential accessible within the VS Code environment, including those stored in environment variables, configuration files, or tokens used by the IDE, should be treated as potentially at risk.</p>
<p><strong>Credentials requiring rotation:</strong></p>
<ol>
<li>All GitHub repository secrets in any repository or organization where the compromised actions executed.</li>
<li>Checkmarx API keys and tokens used within the affected pipelines.</li>
<li>Cloud provider credentials (AWS, Azure, GCP) if present as environment variables in affected workflows.</li>
<li>All other API keys, tokens, or passwords configured as GitHub secrets or environment variables in the affected workflows.</li>
<li>On developer workstations: any tokens or secrets stored in VS Code settings, environment variables, or configuration files where the malicious Open VSX plugin was installed and active.</li>
</ol>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Will Checkmarx provide a formal root-cause analysis (RCA) report?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>Checkmarx recognizes that many enterprise customers — particularly those in regulated industries or with formal vendor risk management programs — require a written root-cause analysis or incident statement from strategic suppliers following a supply chain security incident such as this.</p>
<p>Checkmarx is committed to providing material updates and preparing a post-incident report. While the investigation is still ongoing — including with support from a third-party forensic firm we have engaged — we expect the report to include:</p>
<ul>
<li>Our findings with respect to the root cause and attack vector exploited by the TeamPCP threat actor, as established by the investigation</li>
<li>A timeline of events from initial compromise through detection and remediation</li>
<li>Findings with respect to affected artifacts and the scope of customer impact, as confirmed by the investigation</li>
<li>The remediation actions taken by Checkmarx</li>
<li>Forward-looking preventive controls to enhance Checkmarx&rsquo;s security posture</li>
</ul>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Does this incident affect Checkmarx One SaaS / cloud or scanning engines, and do SaaS-only customers need to take action?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>The Checkmarx One SaaS platform, including cloud-hosted scanning engines, the Checkmarx One web application, and associated backend services, does not appear to be affected by this incident.</p>
<p>This incident constitutes a supply-chain compromise targeting specific open-source distribution artifacts (GitHub Actions and Open VSX plugins). It does not represent a breach of Checkmarx&rsquo;s SaaS infrastructure. It does not appear that the threat actor obtained access to Checkmarx One customer tenants, customer data, scan results, or the platform&rsquo;s internal systems.</p>
<p>Notwithstanding the above, SaaS customers who utilize the affected GitHub Actions (checkmarx/kics-github-action or checkmarx/ast-github-action) within their own CI/CD pipelines, or whose developers installed plugins sourced from the Open VSX Registry, may be indirectly affected.</p>
<p>We understand the residual risk pertains to the customer&rsquo;s own CI/CD runner environments and developer workstations on which the malicious code may have executed.</p>
<p><strong>Recommended action for SaaS customers:</strong></p>
<p>If your organization does not use checkmarx/kics-github-action or checkmarx/ast-github-action in its GitHub pipelines and developers do not use Open VSX-sourced plugins, no specific action with respect to the SaaS platform is required. If the affected GitHub Actions are in use, any runner that executed those actions during the affected window should be treated as potentially compromised, and customers should follow the remediation guidance including credential rotation, log review, and runner inspection. We recommend heightened vigilance at this time.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Which versions, tags, and time windows were affected, and which versions are safe now?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p><strong>Affected versions and tags:</strong></p>
<p><strong>checkmarx/ast-github-action:</strong></p>
<ul>
<li>3.32 was compromised.</li>
<li>References to @main during the exposure window (March 2026) were compromised.</li>
<li>Any unpinned or floating reference that resolved to a compromised commit during the exposure window should be treated as affected.</li>
</ul>
<p><strong>checkmarx/kics-github-action:</strong></p>
<ul>
<li>All versions and tags active on the @main branch during the exposure window (March 2026) were compromised.</li>
<li>Any unpinned or floating reference that resolved during the exposure window should be treated as affected.</li>
</ul>
<p><strong>Open VSX plugins:</strong></p>
<ul>
<li>ast-results v2.53.0 was compromised.</li>
<li>cx-dev-assist v1.7.0 was compromised.</li>
<li>Any version of either plugin installed or auto-updated from the Open VSX Registry during the exposure window should be treated as compromised.</li>
</ul>
<p><strong>Safe versions (post-remediation):</strong></p>
<ul>
<li>checkmarx/ast-github-action v2.3.33 or later has been confirmed clean.</li>
<li>checkmarx/kics-github-action: pin to a version or commit SHA published following remediation; customers should confirm the specific safe tag with their Checkmarx account team.</li>
<li>Open VSX plugins: reinstall from the official VS Code Marketplace. Current Marketplace versions are confirmed clean.</li>
<li>@main as of the date of remediation references clean code; however, pinning to an explicit version tag or commit SHA is strongly recommended as best practice.</li>
</ul>
<p><strong>Exposure window:</strong></p>
<p>Malicious artifacts were active during March 2026. The precise commencement date remains under investigation. Any pipeline execution or plugin installation or auto-update occurring during this period should be evaluated for potential exposure.</p>
</div>
</div>
</div>
<div class="cx-acc__item">
<button type="button" class="cx-acc__btn" aria-expanded="false" onclick="var i=this.parentNode;i.classList.toggle('is-open');this.setAttribute('aria-expanded',i.classList.contains('is-open'));return false;">Is a third party involved in the investigation, what is the investigation timeline, and has/will the incident be reported to regulators or law enforcement?</button></p>
<div class="cx-acc__panel">
<div class="cx-acc__panel-inner">
<p>Yes. We have appointed external breach counsel and a leading forensics expert to assist with our investigation. We are unable to provide an estimated timeline. At this stage, we are notifying regulators and law enforcement as we deem necessary.</p>
</div>
</div>
</div>
</div>
</div>
]]></content:encoded>
					
		
		
		
	</item>
		<item>
		<title>When Findings Spark Debate Instead of Fixes: Aligning AppSec and Development</title>
		<link>https://checkmarx.com/blog/when-findings-spark-debate-instead-of-fixes-aligning-appsec-and-development/</link>
		
		<dc:creator><![CDATA[Rebecca Spiegel]]></dc:creator>
		<pubDate>Tue, 19 May 2026 09:39:26 +0000</pubDate>
				<category><![CDATA[AI & LLM Tools in Application Security]]></category>
		<category><![CDATA[Blog]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<category><![CDATA[Agentic AppSec]]></category>
		<category><![CDATA[AI Agents]]></category>
		<category><![CDATA[AppSec]]></category>
		<guid isPermaLink="false">https://staging.checkmarx.com/?p=108791</guid>

					<description><![CDATA[When security findings lack context, developers lose time investigating instead of fixing. Here’s how AI-driven triage changes the workflow.]]></description>
										<content:encoded><![CDATA[<p class="wp-block-paragraph">Modern development teams are already balancing feature work, code reviews, production issues, and release deadlines. When a security finding lands without clear context, it doesn’t feel like a simple task. It feels like another investigation.</p>



<p class="wp-block-paragraph">Before you can fix anything, you need answers: Is this code actually reachable? Can an attacker exploit it? Is it exposed to a real application path? Are there controls already in place? Is this worth interrupting sprint work right now?</p>



<p class="wp-block-paragraph">Most alerts don’t answer any of those questions. They tell you a vulnerability exists – not if it matters. That’s largely a scanning problem: one practitioner calls static scanning an “<a href="https://appsecengineer.com/blog/every-ciso-needs-to-rethink-about-appsec-in-2025#:~:text=Why%20most%20AppSec%20programs%20become,alert%20factories">alert factory that nobody uses.</a>” When <a href="https://appsecengineer.com/blog/every-ciso-needs-to-rethink-about-appsec-in-2025#:~:text=Why%20most%20AppSec%20programs%20become,alert%20factories">80–90% of findings are irrelevant</a>, the result is a cycle no team wants. AppSec has to justify urgency, developers must reconstruct missing context, and everyone loses time that could have gone toward fixing the issues that matter.</p>



<p class="wp-block-paragraph">The bigger problem is not that security findings exist. It is that many findings arrive without the evidence developers need to make a confident engineering decision. Traditional scanners can identify patterns that may be risky, but they rarely answer the questions that determine whether a fix should interrupt current work.</p>



<p class="wp-block-paragraph">A function may be reachable but protected by authentication, input validation, network controls, or other safeguards. Another issue may look less severe on paper but become urgent because it sits in a public-facing workflow or touches sensitive data. A low-severity finding in a public-facing workflow can be far more dangerous than a critical bug buried in an internal module.</p>



<p class="wp-block-paragraph">Without context, <a href="https://checkmarx.com/ai-llm-tools-in-application-security/reachability-was-a-breakthrough-but-now-its-not-enough/#:~:text=Checkmarx%C2%A0Triage%20Agent%20addresses%20this%C2%A0head%20on%C2%A0with%C2%A0Attackability%3A%C2%A0AI,prevent%20exploitation%C2%A0%E2%80%93%C2%A0and%20which%20do%20not">reachability alone is not enough</a>. Modern risk is compositional, shaped by deployment, exposure, identity, and data, not by code patterns.</p>



<p class="wp-block-paragraph">Without that context, the work falls to whoever picked up the ticket. Someone must trace the path, check exposure, review controls, assess impact, and determine whether the issue is exploitable in this application, not just theoretically possible in code.</p>



<h2 class="wp-block-heading article-anchor" id="smarter-triage-context-driven-data-driven-decisions">Smarter Triage: Context-Driven, Data-Driven Decisions </h2>



<p class="wp-block-paragraph">A better triage process should answer the obvious engineering questions before a finding reaches the backlog. Instead of asking developers to investigate every possible issue from scratch, modern triage tools use AI and execution context to validate which findings are actually exploitable in the application.</p>



<p class="wp-block-paragraph">In practice, a smart triage layer correlates scan results with runtime data, permissions, architecture, and policies. The output is not just another severity label. It’s evidence: the relevant path through the code, the attacker-controlled input, the potential impact, and whether existing controls prevent exploitation.</p>



<p class="wp-block-paragraph">Checkmarx’s Attackability analysis is designed to provide evidence by tracing attacker-controlled inputs from real ingress points through the code to potential impact, then verifying which security controls are in place. The result is a verdict of demonstrated exploitability or not, with code-level evidence attached.</p>



<p class="wp-block-paragraph">That shifts the conversation from “maybe it’s exploitable” to a clear yes or no question. By validating findings with facts, teams stop arguing in the abstract. The report shows precisely how an issue is or isn’t reachable and exploitable, so you can align with security on facts, not time-consuming assumptions. With Attackability data, AppSec can confidently say &#8220;this vulnerability is exploitable under these conditions, and here’s the proof&#8221; (or alternatively, &#8220;we can mark this issue low risk, because x, y, z controls make exploitation infeasible&#8221;).</p>



<p class="wp-block-paragraph">Analysts put it plainly: &#8220;a finding without context is a tax,&#8221; because <a href="https://projectdiscovery.io/blog/new-report-state-of-appsec-2026-security-at-engineering-speed">it forces a human to ask the only question that matters</a>: &#8220;Is this exploitable here and now? If not, why bother fixing it at this point?&#8221; Front-loading that context and verification means only high-fidelity, relevant alerts reach the backlog.</p>



<h2 class="wp-block-heading article-anchor" id="automated-remediation-turning-decisions-into-fixes">Automated Remediation: Turning Decisions Into Fixes</h2>



<p class="wp-block-paragraph">Triage helps teams agree on what matters. But you still need a practical path from validated risk to working code. Too often, even agreed-upon issues stall in handoffs or ticket threads. The fix is to automate “closing the loop.”</p>



<p class="wp-block-paragraph">Enter remediation assistants that live in your developer workflow. These tools generate context-aware, merge-ready fixes for validated findings, usually as pull requests. For example, <a href="https://checkmarx.com/product/triage-and-remediation/#:~:text=Go%20from%20find%20to%20fix,faster">Checkmarx’s Remediation Assist</a> uses safe-refactoring principles to produce minimally invasive patches right where you already work. You can review the diff, run tests, inspect the logic, adjust the code if needed, and merge when it meets your standards.</p>



<p class="wp-block-paragraph">When remediation shows up as a pull request, you do not have to stop what you are doing to interpret a vague ticket, chase down context, or debate whether the finding is worth fixing. You can review the diff like any other code change, run your tests, adjust the code if needed, and merge when it meets your standards.</p>



<p class="wp-block-paragraph">Decisions become code almost instantly.</p>



<p class="wp-block-paragraph">That matters because the old model of manually reviewing, debating, assigning, fixing, and rechecking vulnerabilities isn’t keeping up with the speed of exploitation. <a href="https://blog.zerobot.info/one-billion-cisa-kev-records-human-scale-security-crisis#:~:text=A%20new%20report%20from%20the%20Qualys%20Threat%20Research,operational%20model%20underpinning%20enterprise%20security%20is%20fundamentally%20broken.">A 2026 Qualys Threat Research analysis</a> of more than one billion CISA KEV remediation records across 10,000 organizations found that manual remediation processes <strong>failed to keep pace with attackers 88% of the time</strong> across the most critical actively weaponized vulnerabilities studied. Organizations that performed better had operationalized remediation pipelines, giving their teams a faster way to move from <a href="https://blog.qualys.com/vulnerabilities-threat-research/2026/03/23/the-broken-physics-of-remediation">validated risk to completed fix</a>.</p>



<p class="wp-block-paragraph">The cost in developer time is just as significant. <a href="https://checkmarx.com/evolution-devsecops/">Checkmarx’s DevSecOps Evolution 2025 research</a> found that <strong>72% of devs spend more than 17 hours each week</strong> on security-related tasks, and <strong>one in four spends more than 25 hours</strong>. Automated triage and remediation reduces that burden by turning validated security decisions into reviewable code changes, so teams stay focused on building while still moving real risk to resolution.</p>



<h2 class="wp-block-heading article-anchor" id="results-fewer-arguments-faster-fixes">Results: Fewer Arguments, Faster Fixes</h2>



<p class="wp-block-paragraph">The outcome of this triage-and-remediation workflow is clear: fewer debates and far more fixes. With objective analysis in hand, security and engineering reach consensus faster. With remediation automation in place, vulnerabilities are closed before they linger. </p>



<p class="wp-block-paragraph">Teams that add automated remediation report mean-time-to-remediate shrinking from weeks to hours. Instead of arguing over false positives, teams ask “how do we fix this fastest?” Workflow-integrated triage eliminates the guesswork in risk evaluation and, paired with agentic remediation, ensures that each decision leads to a patch. The result is fewer vague tickets, clearer priorities, and more vulnerabilities resolved instead of debated.</p>]]></content:encoded>
					
		
		
		
	</item>
	</channel>
</rss>
