Checkmarx

🚀Record-breaking growth. Industry recognition. Game-changing innovation. Checkmarx One surpassed $150M ARR in less than 3 years, now securing the software of 865+ of the world’s largest enterprises.

Detection scaled. Execution didn’t. AppSec teams are flooded with findings, but fixes can’t keep up, especially as AI speeds up development. More alerts ≠ more security. What matters now is turning findings into outcomes. Read more 👇checkmarx.com/blog/stop-manu…

The rules of AppSec are changing in real time. When systems can interpret, decide, and act on their own, risk doesn’t stay in one place; it moves. Security teams can’t rely on fixed assumptions anymore; adaptability is the new baseline. A new piece from @ReversingLabs explores how that shift is playing out across the industry, featuring perspective from @ek121268. reversinglabs.com/blog/agentic-a…

If your developers are shipping faster than your security can keep up, something has to change. Join us tomorrow to see how Checkmarx Developer One Assist helps teams secure code as it’s generated, catching vulnerabilities in real time, right in the IDE. In this webinar, we will cover how to: ➡️ Detect and fix issues before they reach production ➡️ Auto-fix vulnerabilities, keeping your code fast and secure. ➡️ Secure AI-generated code without slowing delivery 🗓️Save your spot: checkmarx.com/webinars-devel……

The Checkmarx Partner Pulse 🤝 Where security conversations meet real-world connections, here’s what we have lined up with our partners this month: April 30 | Tysons, VA: GuidePoint Security GPSEC Forum – Register here: go.guidepointsecurity.com/2026_04_30_MA_… April 30 | Atlanta, GA: Guidepoint – Savannah's Bananas – Register here: go.guidepointsecurity.com/2026_05_08_SE_… May 8 | Dallas, TX: Trace3 - Dallas Golf Tournament – Reserve your spot: web.cvent.com/event/faaa0c62… May 12 | Los Angeles, CA: Dodgers vs. Giants Suite Experience – Join the waitlist: go.guidepointsecurity.com/2026_05_12_SW_… May 12 | Huntington Beach, CA: OptivCon Cybersecurity Summit – More details here: web.cvent.com/event/c5b69ebb… From deep-dive security conversations to standout experiences, we’re excited to keep building with our partners this season.

Security leaders: the old playbook is done. At the RSA Conference, Kayla Williams unpacks what happens when AI outpaces traditional AppSec workflows. Security can’t rely on intervention anymore. It has to be built into how software gets created, so speed doesn’t outpace risk. 🎥 Watch the full conversation with Kayla + Adi Kavaler → youtu.be/j-v_kC23T-E?si…

Over the past five weeks, Checkmarx has been managing a sophisticated, multi-stage supply chain attack: On March 23, we identified the initial compromise and on April 22, we identified a follow-on attack. Then, on April 25, a cybercriminal group published data they claim originated from our GitHub repository. The investigation is ongoing. We published an interim report today: checkmarx.com/blog/supply-ch…

We are aware of reports circulating today regarding a new development in the ongoing supply chain security incident identified on March 23, 2026. This is part of the same incident we have been actively investigating and communicating about. Our forensic investigation — conducted with leading third-party firms — is ongoing, and we are working to verify the nature and scope of the data that has been published. We deeply apologize for impact this is causing to customers. We are committed to keeping our customers, partners, and employees informed as soon as new information is learned. Our latest update is available here: checkmarx.com/blog/checkmarx… We will continue to update as we have more information as it is available.

The audit passed. Everything looked clean. The release moved forward. But AI had already introduced a new layer of risk… one that never showed up in the checks. Our latest ebook explores the 10 AI supply chain risks most teams aren’t accounting for, and why securing modern applications now requires more than just traditional AppSec. Download the guide → checkmarx.com/resources/10-a…

Shipping faster doesn’t mean you’re safer. Join us on May 5 for a live webinar on how security teams can keep pace with AI-driven development, and where DAST fits in. We’ll cover why runtime validation is now essential, where static analysis falls short, and what’s driving the shift toward DAST. 📅 May 5 | 1:00 PM CT Register now: checkmarx.com/security-cant-…

The expectations around product security are changing. With the Cyber Resilience Act, risk can’t just be identified; it has to be understood, documented, and managed across the entire lifecycle. That includes open source, third-party components, and now AI. We’re breaking this down in a live webinar on April 23 at 2:00 PM with Carsten Huth and David Dewaele. info.checkmarx.com/managing-cyber…

AI is changing application security, but not in the way most people think. As our recent newsletter outlines, the shift isn’t new vulnerabilities, it’s how quickly existing ones can be found and exploited. Most have been sitting in codebases and backlogs for years. What’s changed is the speed. Get the full breakdown here: linkedin.com/pulse/real-sto…

We’re proud to share that we have been named a Market Leader in Application Security by the Global InfoSec Awards from @cyberdefensemag. It’s a recognition that reflects a bigger shift happening across the industry. As software is built faster and systems become more interconnected, risk is no longer isolated to code. It now spans open source dependencies, AI-generated components, and runtime environments. checkmarx.com/press-releases…

Sandeep Johri sat down with @jd_durkin of @NYSE to talk about where application security is headed 👀⤵️ We’re building software differently than we were just a few years ago. AI is accelerating code creation. Open source now makes up the majority of modern applications. And developers are moving faster than ever, often working with code they didn’t fully write themselves. That’s not a flaw. It’s how innovation happens, but it does change the security equation. When volume goes up and visibility goes down, issues get harder to catch—and even harder to fix later. AppSec has to evolve: → earlier in the process → closer to the developer → with as little friction as possible Because in the age of AI, security has to move just as fast. Catch the full conversation here: youtube.com/watch?v=_O1VTf… #agenticapplicationsecurity #agenticappsec

Last week's announcement of Anthropic's Mythos model changed the security landscape overnight. AI can now uncover and weaponize decades-old vulnerabilities in minutes, at near-zero cost. This isn't a future risk. It's happening now. Tomorrow (April 15), Checkmarx is bringing together our product leadership to break down exactly what this means for enterprise AppSec and what you can do about it. 📌 AppSec in the Age of Mythos: Why Embedded, Agentic SDLC-Native Security Has Never Been More Important 📅 April 15, 2026 ⏰ 10:00 AM EST | 4:00 PM CET Hosted by CPO Jonathan Rende, VP of Product Ori Bendet, and Director of Product Frank Emery. We’ll cover: → What the Mythos moment means for democratized, AI-scaled hacking → How LLMs are amplifying insecure code, noise, and rework across the SDLC → Why automated, AI-driven AppSec is no longer optional → How Checkmarx AI SAST and agentic capabilities are built for what’s next 👉 Register: info.checkmarx.com/tomorrow_with_…… #AppSec #ApplicationSecurity #AIScaledHacking #Checkmarx #SDLC #CyberSecurity #AI

There’s a lot of focus right now on what AI can discover, especially with advances like Anthropic’s Mythos, but one of the more telling signals is what it’s already producing. Scanning activity has grown from billions to trillions of lines of code in a single year, and that kind of scale fundamentally changes the problem. Risk isn’t something that sits in a single vulnerability anymore. It’s building across code, dependencies, cloud configurations, and now AI-generated components, all interacting in ways that are harder to see and manage. As that system grows, so does the challenge of maintaining visibility, control, and accountability across it. As Jonathan outlines, this isn’t just a shift in tooling; it’s a shift in how application security needs to operate. More in our full blog: checkmarx.com/blog/checkmarx…

There’s a lot of noise around AI replacing parts of the security stack. Sandeep Johri takes a different view: “Platform shifts don’t erase disciplines; they expand them.” We’ve seen it before with the web, cloud, and mobile. AI is no different. It’s accelerating software and expanding risk. That’s the shift. More from Sandeep in @Forbes 👇forbes.com/councils/forbe…

The security landscape is evolving…fast.⚡ As AI becomes part of modern application development, teams are managing risk across a growing and more complex surface area. We’re joining Security LIVE! at AWS Partner Summit London to be part of that conversation. Register today to secure your spot: aws-experience.com/emea/smb/e/f79…

If you had to sum up AI in security in one word… what would it be? We put a CISO (Kayla Williams) and a CTO (Adi Kavaler) on the spot at #RSAC. Fast answers. No filter. 👉 Here’s what they said during our rapid fire Q&A series.