Checkmarx Announces First GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster


Checkmarx, the global leader in application security solutions, announced its new AI Query Builders and AI Guided Remediation to help development and AppSec teams more accurately discover and remediate application vulnerabilities.

The powerfully simple AI-driven features are available within the Checkmarx One™ Application Security Platform, the industry’s most comprehensive platform for reducing risk within today’s complex, cloud-native applications. This is the first in a series of planned AI-powered capabilities aimed at helping CISOs, AppSec teams and application developers deliver secure code faster.

AI Query Builder for SAST: One of the strengths of Checkmarx SAST is the flexibility to go wide or deep based on application criticality. Now, powered by AI Query Builder for SAST, developers and AppSec teams can use AI to write custom SAST queries (rules for scanning), fine-tune them, modify existing queries and add new use cases to increase their static coverage, all while reducing false positives by up to 90% and improving the fidelity of developers’ alerts.

AI Query Builder for IaC Security: This new query builder for Checkmarx IaC Security allows developers, cloud engineers and AppSec teams to add new IaC queries (rules) with no prior knowledge needed. Powered by GPT4, AI Query Builder generates queries based on the entry of simple, human-readable text describing the search target. This dramatically reduces query creation time by up to 65%. Queries are built by GPT without sharing any user files or data and can be executed alongside the built-in queries in IaC Security or KICS by Checkmarx (currently in use by over three million developers), making it the first AI query builder available for open source.

AI Guided Remediation: Providing actionable remediation within integrated development environments (IDEs), AI Guided Remediation helps developers better understand IaC and API misconfigurations without additional resources. Now organisations can address issues in their IaC templates faster, reduce management overhead, boost developer adoption and deliver more secure applications faster.

“Checkmarx innovation is leveraging generative AI to disrupt and transform the way developers secure applications, bringing greater accuracy and guidance directly into the heart of their IDEs and processes,” said Sandeep Johri, CEO at Checkmarx. “We’re proud to push the industry forward with new AI-driven capabilities and to support CISOs and AppSec leaders to better support their development teams, making AppSec more effective and comprehensive as part of cloud and digital transformation.”

Purpose-built for cloud-native application development, Checkmarx One is highly scalable and integrates seamlessly with developers’ tools and IDEs of choice. The platform’s context-sensitive correlation engine, Checkmarx Fusion, along with API Security, Supply Chain Security, Supply Chain Threat Intelligence and comprehensive threat modeling are advanced capabilities in addition to SAST, SCA, DAST, and IaC Security to enable the industry’s most comprehensive and innovative application security approach. 

“The voice of our enterprise customers directly influences our technology roadmap,” said Checkmarx Chief R&D Officer Kobi Tzruya. “Understanding their challenges along with the opportunities brought by complementary technologies keeps us focused on the AppSec solutions they’ll need 10 years from now while speeding time-to-delivery today. With these new capabilities in Checkmarx One, we’re accommodating the requirements of both security and development teams within one platform.”

The Checkmarx AppSec research team recently discovered a vulnerability in the OpenAI ChatGPT signup process that allowed “unlimited” credit on new accounts. The team disclosed this finding to the OpenAI security team and worked collaboratively to close the vulnerability.

TalkDev Bureau