Checkmarx Unveils Self-Healing Application Security in Assist Agent Family

New autonomous agents prevent vulnerabilities by securing code before it’s submitted

MOUNTAIN VIEW, Calif., July 14, 2026 (GLOBE NEWSWIRE) -- AI is generating code faster than teams can review it. Checkmarx, the leader in agentic application security, today addressed that gap by introducing self-healing application security: autonomous agents that detect, fix, and verify vulnerabilities as developers code.

Key Takeaways

  • Developer Assist now runs a continuous find-and-fix loop directly in AI coding tools through hooks, catching and fixing vulnerabilities as code is written with up to 70% less manual remediation effort.
  • Triage and Remediation agents autonomously prioritize what’s already in the codebase and generate merge-ready fixes, cutting manual triage and accelerating developer productivity.

Closing the Loop from Code to Backlog

According to Checkmarx's 2026 Future of Application Security report, 96% of developers now use AI coding tools, but only 18% apply security continuously as they write code, a gap autonomous remediation is designed to close.

In a study Checkmarx commissioned from independent researcher The Weather Report, published in July 2026, frontier models produced working code 83% to 95% of the time, but only 24% to 36% of that code was both secure and functional. Even a post-hoc security review lifted the secure-and-functional rate to only 47% to 56%, underscoring the gap that autonomous remediation is built to close.

"Security teams have spent a decade trying to keep pace with how fast code gets written, and AI just moved that goalpost again," said Harshil Parikh, VP of Product Management at Checkmarx. "The only way to close that gap is to stop treating detection and remediation as separate steps handled by separate tools and let the system fix what it finds."

"The goal is prevention – creating a continuous flow of clean code from the start and autonomous fixes before code reaches production," said Jonathan Rende, chief product officer at Checkmarx. "With autonomous remediation, fixes are applied while developers are still writing code, before it’s ever checked in, and what’s in the pipeline gets prioritized and expedited without having to think about it."

Developer Assist now works as a single remediation loop pre-commit. While the IDE, it runs autonomously through hooks and MCP. It detects a vulnerability, retrieves context from Checkmarx One, generates a fix and verifies it before code is committed. Developers using IDEs like Cursor, Windsurf or Kiro or a command-line interface (CLI) with LLMs like Claude Code can get the same autonomous loop without switching tools.

Once code reaches the backlog, Triage and Remediation agents take over. They isolate exploitable risk from severity noise using real-world reachability, what Checkmarx calls attackability, then generate merge-ready pull requests for the vulnerabilities that matter. Developers review and merge each fix; AppSec retains policy control and full traceability over every automated decision.

Validated in Production at PatientPoint

PatientPoint, a long-time Checkmarx customer in the healthcare technology space, has been an early user of Remediation Assist. Facing a growing vulnerability backlog as AI-assisted development accelerated the pace of code changes, the company's application security team used the agent to translate a large volume of findings to a small number of merge-ready pull requests for developers.

"Triage and Remediation Assist agents identified false positives and gave our developers the chance to review before merging; that's exactly what we wanted," said Femi Oyesanya, application security engineer at PatientPoint. "Our priority is to protect patient data, and this lets us do that without slowing developer productivity or driving up token costs."

Availability

Developer Assist’s autonomous mode, along with Triage Assist and Remediation Assist, are generally available now with Checkmarx One. To learn more, visit Checkmarx.com.

1 For dependency and package-upgrade work specifically, Developer Assist's Safe Refactor capability models a representative reduction in manual remediation effort of about 70%, cutting a typical six-hour package upgrade to 1.8 hours, an estimated $420 in developer time at $100 an hour.

About Checkmarx

Checkmarx is the leader in agentic application security, delivering enterprise-grade protection while lowering engineering costs and accelerating development velocity. The Checkmarx One platform scans trillions of lines of code each year, enabling companies to cut vulnerability density by more than half. Autonomous security agents continuously detect and counter AI-driven threats across the software development lifecycle, delivering prevention-first protection for legacy, modern, and AI-generated code at enterprise scale. Follow Checkmarx on LinkedIn, YouTube, and X.

For more information, contact:
PR@checkmarx.com


Primary Logo

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Advanced Search Options

Search for:

Search scope:

Type:

Search in:

Date range:

The last

Sort by:

Sign up for:

STEM Times Cayman Islands

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.