AI finding zero-days makes for a great headline, but what actually happens when you put LLM-based vulnerability hunting to the test? Our Checkmarx Zero research team did exactly that, taking a deep look at Claude Opus 4.6 and its “security-review” capabilities to understand where it truly delivers value… and where important limits show up. The findings are nuanced. LLMs can surface real issues, but they can also miss vulnerabilities, inflate false positives, and struggle without a tightly-scoped context. This isn’t about hype. It’s about helping security teams make informed decisions. Read the full breakdown: https://lnkd.in/eBzMNsmY
About us
Checkmarx helps the world’s largest enterprises get ahead of application risk without slowing down development. We end the guesswork by identifying the most critical issues to fix and give AppSec the tools they need, all while letting developers work the way they want. From DevSecOps to developer experience, security and development teams can now work better together. That’s why 1700+ customers rely on Checkmarx to scan over 1 trillion lines of code annually, improve developer productivity by 50%, and deliver 2X AppSec ROI. Checkmarx. Always Ready To Run.
- Website: http://www.checkmarx.com
- Industry: Computer and Network Security
- Company size: 501-1,000 employees
- Headquarters: Paramus, New Jersey
- Type: Privately Held
- Founded: 2006
- Specialties: Application Security, AppSec, Software Security, DevOps, Application Security Testing, Static Application Security Testing, Interactive Application Security Testing, Software Composition Analysis, Developer Training, and DevSecOps
Locations
- Primary: 140 E Ridgewood Ave, South Tower Suite 415, Paramus, New Jersey 07652, US
Updates
When everything is labeled “critical,” nothing actually is. AppSec teams aren’t struggling to find vulnerabilities. They’re drowning in them. Every tool flags something. Every finding looks urgent. Developers lose clarity, and real risk slips through. In this piece, Emma Datny breaks down why severity alone isn’t enough and how contextual risk scoring helps teams focus on what actually matters. Because “critical” doesn’t always mean urgent. Read more: https://lnkd.in/e8hnR7GV
AI code security is becoming a category of its own. Claude’s Code Security announcement is a clear sign that AI-generated code is reshaping how detection works inside the IDE. That’s progress. But the bigger conversation isn’t just about finding vulnerabilities differently. It’s about securing an AI-driven development lifecycle end-to-end. From generation → to triage → to remediation → to governance. That’s where the real transformation is happening. 🚀 Eran Kinsbruner breaks down what this shift means for modern AppSec teams 👇 https://lnkd.in/ePaPi73d #agenticapplicationsecurity #agenticappsec
AI is reshaping how software is built and how risk enters the system. On March 11, we’re partnering with Archipelo to explore what this shift means for modern security teams. Save the date. Registration details coming soon.
🚨 Save the Date — March 11, 2026 (1:00 PM ET) | Live Webinar
On March 11, Archipelo and Checkmarx will present how vulnerability findings can be correlated with development-origin context — including developer identity, actions, workflow metadata, and code provenance — to help teams understand how risk entered the system.
AI-assisted development changes how software risk is created — but security tools still focus on where vulnerabilities exist, not how they entered the system.
Modern production code is produced by multiple actors:
- human developers
- human developers using AI
- autonomous agents
- automated workflows
Security teams increasingly need to understand:
- who initiated the change
- whether AI participated
- what workflow conditions contributed
Registration details to follow.
#DevSPM #Cybersecurity #Archipelo #Checkmarx #DevSecOps #AI #AISecurity #GRC #Security #CISO #CTO #CIO #Compliance #DevSIEM #DevDR #ShiftLeft #AICoding #VibeCoding #ASPM
Today, engineers are configuring agents that generate and iterate on code at machine speed. When that happens, security can’t just show up after commit and hope to catch up. If AppSec isn’t part of the generation loop, it becomes the cleanup crew. We wrote about what this shift really means for roles, ownership, and security in 2026 and why the Agentic Development Lifecycle changes more than most teams realize. Full breakdown in our newsletter. 👇 #agenticapplicationsecurity #agenticappsec
#RSAC 2026 is almost here, and we’re showing up big. We’ll be in San Francisco March 23–26 with live demos, new launches, and real conversations about where AppSec is headed next. See you there: https://lnkd.in/etgUQ-BG #AgenticAppSec #AgenticApplicationSecurity
We’re bringing IDE-native, agentic application security to Kiro. 🚀 With new support directly in an AI-powered IDE, Checkmarx Developer Assist brings real-time security insight directly into AWS Kiro, right where developers are already working. No jumping between tools or waiting on downstream scans. Developer Assist runs directly in the Kiro workflow, helping developers spot and fix issues as code is written, while AppSec teams still get centralized visibility and control through Checkmarx One. The result: teams can move faster with AI-assisted development, without pushing risk to the end of the pipeline or slowing delivery. Learn more: https://lnkd.in/eGQpztg4
AI writes the code. Who guides the risk? As more developers lean on AI to move faster, the real challenge isn’t speed. It’s stopping insecure patterns from quietly sneaking into production. Checkmarx Developer Assist analyzes AI-generated code in real time, directly in the IDE, so AI-introduced risk gets caught early. 👉 Free trial now available: https://lnkd.in/e2hDu8mR #agenticapplicationsecurity #agenticappsec