Download PDF version Contact company

Checkmarx, the pioneer in application security solutions, announced its new AI Query Builders and AI Guided Remediation to help development and AppSec teams more accurately discover and remediate application vulnerabilities.

The powerfully simple AI-driven features are available within the Checkmarx One™ Application Security Platform, the industry’s most comprehensive platform for reducing risk within complex, cloud-native applications. This is the first in a series of planned AI-powered capabilities aimed at helping CISOs, AppSec teams and application developers deliver secure code faster.

AI Query Builder for SAST

One of the strengths of Checkmarx SAST is the flexibility to go wide or deep based on application criticality. Now, powered by AI Query Builder for SAST, developers and AppSec teams can use AI to write custom SAST queries (rules for scanning), fine-tune them, modify existing queries and add new use cases to increase their static coverage, all while reducing false positives by up to 90% and improving the fidelity of developers’ alerts.

AI Query Builder for IaC Security

Powered by GPT4, AI Query Builder generates queries based on the entry of simple, human-readable text

This new query builder for Checkmarx IaC Security allows developers, cloud engineers and AppSec teams to add new IaC queries (rules) with no prior knowledge needed. Powered by GPT4, AI Query Builder generates queries based on the entry of simple, human-readable text describing the search target. This dramatically reduces query creation time by up to 65%. 

Queries are built by GPT without sharing any user files or data and can be executed alongside the built-in queries in IaC Security or KICS by Checkmarx (currently in use by over three million developers), making it the first AI query builder available for open source. 

AI Guided Remediation

Providing actionable remediation within integrated development environments (IDEs), AI Guided Remediation helps developers better understand IaC and API misconfigurations without additional resources. Now organisations can address issues in their IaC templates faster, reduce management overhead, boost developer adoption and deliver more secure applications faster.

Checkmarx innovation is leveraging generative AI to disrupt and transform the way developers secure applications, bringing greater accuracy and guidance directly into the heart of their IDEs and processes,” said Sandeep Johri, CEO at Checkmarx.

He adds, “We’re proud to push the industry forward with new AI-driven capabilities and to support CISOs and AppSec leaders to better support their development teams, making AppSec more effective and comprehensive as part of cloud and digital transformation.”

Comprehensive threat modeling

Checkmarx One is highly scalable and integrates seamlessly with developers’ tools and IDEs of choice

Purpose-built for cloud-native application development, Checkmarx One is highly scalable and integrates seamlessly with developers’ tools and IDEs of choice.

The platform’s context-sensitive correlation engine, Checkmarx Fusion, along with API Security, Supply Chain Security, Supply Chain Threat Intelligence and comprehensive threat modelling are advanced capabilities in addition to SAST, SCA, DAST, and IaC Security to enable the industry’s most comprehensive and innovative application security approach.  

The voice of our enterprise customers directly influences our technology roadmap,” said Checkmarx Chief R&D Officer Kobi Tzruya. “Understanding their challenges along with the opportunities brought by complementary technologies keeps us focussed on the AppSec solutions they’ll need 10 years from now while speeding time-to-delivery today. With these new capabilities in Checkmarx One, we’re accommodating the requirements of both security and development teams within one platform.”

Checkmarx AppSec research

The Checkmarx AppSec research team recently discovered a vulnerability in the OpenAI ChatGPT signup process that allowed “unlimited” credit on new accounts. The team disclosed this finding to the OpenAI security team and worked collaboratively to close the vulnerability. 

Checkmarx customers are invited to register for the Early Access program to gain access to the two AI Query Builders and AI Guided Remediation prior to general availability.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?