Checkmarx Launches Agentic AppSec Platform with Autonomous Security Agents — AI Supply Chain Security, DAST for AI, and Triage Assist at RSA 2026

Checkmarx unveiled a fundamentally redesigned Checkmarx One platform on March 16, 2026, specifically engineered for the era of agentic software development. The platform introduces autonomous security agents that match the speed and scale of AI-generated code, addressing the widening gap between development velocity and security assurance.

CORE PROBLEM:

As Checkmarx VP of Marketing Eran Kinsbruner told SD Times: "Traditional AppSec was never built to deal with AI coding, where code is generated at machine speed. The only way to stay on top of that is by matching the exact same capabilities, especially on the speed and scale." AI can generate thousands of lines of code in minutes — if organizations simply trust that output without security review, they create builds without code quality or security governance.

FIVE KEY INNOVATIONS:

  1. TRIAGE ASSIST: An autonomous AI agent that prioritizes vulnerabilities in source control based on real-world exploitability and contextual risk. Instead of static severity scores (CVSS), it understands which vulnerabilities are actually exploitable in the specific codebase context.

  2. REMEDIATION ASSIST: Automatically generates review-ready fixes for validated vulnerabilities before code merges. Developers review and approve rather than write fixes from scratch.

  3. AI SUPPLY CHAIN SECURITY: Centralized governance for AI components in applications. Discovers hidden AI assets including models, agents, datasets, prompts, and AI-BOM elements. Detects model-loading and execution risks.

  4. AI SAST: Hybrid LLM-powered and query-based analysis engine expanding detection across AI-generated programming languages.

  5. DAST FOR AI: Next-gen dynamic analysis for runtime protection across CI/CD and production.

THE AGENTIC DEVELOPMENT LIFECYCLE:

Checkmarx defines an evolution from SDLC to ADLC (Agentic Development Lifecycle) with security control points at IDE, pull request, CI/CD, and production — each governed by autonomous AI security agents.

CEO Sandeep Johri: "The AI era has fundamentally disrupted the balance between software creation and assurance. It requires independent oversight and unified governance."

CPO Jonathan Rende: "AI has compressed the software development lifecycle from months to minutes. When applications move that fast, risk compounds just as quickly."
