Recently, two leading AI labs have made headlines with their latest moves into application-security automation. Google DeepMind's CodeMender promises not only to detect vulnerabilities but to automatically generate and validate patches that rewrite unsafe code. OpenAI's Aardvark arrives as a GPT-5-powered "agentic security researcher," capable of continuously monitoring repositories, assessing exploitability, and proposing fixes at scale. As agentic AI moves from research labs into enterprise SDLCs, Checkmarx sees this as a pivotal moment for AppSec teams. The promise is real: code that is resilient from the start, not just patched after the fact. In this blog, we explore how these announcements shape what is possible and how Checkmarx's unified Agentic AppSec platform aligns with the emerging landscape of developer-first security, preventing security risks autonomously and in real time as developers author their code.

Background

In October 2025, Google's DeepMind division announced CodeMender, its new AI-based application security agent. The agent's root cause analysis (RCA) capability combines reasoning models with code analysis tools (static, dynamic, and fuzzing) to identify security defects.

CodeMender AI Agent Process (Source: Google DeepMind)

Beyond RCA, Google says the agent can also patch the defect and automatically validate the fix, leaving it ready for human review before it is merged into the code repository. Ironically, because CodeMender relies so heavily on LLM-driven analysis, which is admittedly prone to false positives, it must include an automated verification step to confirm each vulnerability before generating a patch. This built-in safeguard, while framed as a strength, actually highlights that the model's own output cannot be trusted without additional checks. In effect, in a self-contained loop, the AI is babysitting itself.

The agent is capable of repository-wide scanning, vulnerability discovery, automated remediation, and longer-term hardening of code. This advancement, like OpenAI's, is a strong indicator that the industry finally recognizes not only the importance of securing AI-generated code but, more critically, that AI coding assistants' detrimental contribution to code security is far greater than was perceived. It can also be read as an admission by the providers of LLM-based coding tools that AI-generated code is so volatile and unwieldy that it can only be tackled by AI.

At the same time, OpenAI announced Aardvark, an agentic security researcher built on GPT-5 that continuously monitors codebases and intervenes proactively. Among Aardvark's key capabilities are:

Full-repository threat modeling: Aardvark analyzes the full history and structure of a codebase to build a contextual threat model, then monitors commits and changes to identify vulnerabilities (see the diagram below). This approach is problematic because it is done without a clear understanding of the organization's risk tolerance and context, and it is a somewhat costly process that consumes a lot of AI tokens.

Commit-level scanning and sandbox validation: The agent flags potential issues at commit time and validates exploitability in sandbox environments before prioritizing and proposing patches. In essence, the agent double-checks its own work to reduce false positives before proposing patches.

Patch generation and workflow integration: Once a vulnerability is confirmed, Aardvark proposes a fix (via model-powered patching) and integrates with development workflows (e.g., GitHub) for review and deployment.

Aardvark is focused mostly on continuous, integrated post-commit protection: monitoring changes, finding new issues in evolving code, and reducing the human burden in detection and remediation.

Aardvark Agentic AI AppSec workflow (Source: OpenAI)

While both solutions are a positive sign for the software development community, a few things are important to understand:

Scope: CodeMender emphasizes automated remediation and rewriting across repositories; Aardvark emphasizes continuous protection in the pipeline (commit and post-commit).

Workflow placement: CodeMender is suited to upstream repository hardening; Aardvark is suited to ongoing monitoring and rapid response as code evolves.

Goal: Both aim to shift security left and make vulnerability discovery and remediation far more efficient, moving from reactive scanning to agentic, proactive intervention. In fact, though, their design suggests otherwise: they automate post-commit review and remediation rather than preventing issues during development. They function more as post-hoc monitors than as embedded, real-time security partners.

Known Limitations of the Agents

From an enterprise software development and AppSec perspective, both solutions are a good starting point for educating teams and resolving some of the security issues in the commit and post-commit phases. But as they stand today, they are just that: a starting point. Neither agent is a complete AppSec platform, and both lack many critical security coverage capabilities: ASPM, runtime prevention of issues during AI coding together with safe refactoring of the code, support for a wide range of programming languages, depth and breadth of malicious-package protection, secrets detection and remediation, code-to-cloud AppSec coverage, and more.

In addition, these AI agents test in part by authoring and running "test cases", a form of dynamic analysis that Claude Code's "Security Review" feature has used, and which has been shown to carry the risk of creating and executing malicious code. It is also important to understand that while adopting an AI security reviewer can be a useful way to reduce risk in your applications, it also adds risk to the environments in which it runs, as is inherent with any LLM. Deployers must consider these risks and plan appropriate controls.

Checkmarx One Assist – An Enhanced Agentic AI AppSec Solution Backed by Real Engines

In June 2025, Checkmarx announced the availability of its Agentic AI AppSec platform, Assist. Among the family of agents in the Assist platform is the Developer Assist Agent. Checkmarx Developer Assist goes beyond what Google's CodeMender and OpenAI's Aardvark offer and provides a true shift-left approach. It lives alongside developers in their IDE as they code, actively identifying security vulnerabilities as the code is being created, whether generated by AI coding assistants or written by hand. Developers receive instant, context-aware alerts directly in their IDE (VS Code, Cursor, Windsurf, Copilot, and more) and can fix issues with a single click.

What truly sets Checkmarx apart is its Safe Refactor capability, which ensures that every remediation keeps the entire codebase intact. It automatically verifies build integrity, updates dependencies across the repository, and generates documentation and unit tests. By preventing vulnerabilities pre-commit, Checkmarx Developer Assist redefines shift-left security, enabling proactive, autonomous, and developer-friendly AppSec in the AI era.

Bottom Line

The announcements from Google and OpenAI mark an exciting step toward agentic, AI-driven security, but they remain reactive and limited in scope. Checkmarx takes this evolution further, embedding real-time, preventative security directly into developers' workflows. With Developer Assist and the Checkmarx One Agentic AppSec Platform, organizations can move from detecting threats after the fact to ensuring they never reach the repo in the first place.

Learn More about Developer Assist

Prevent vulnerabilities before they hit the repo and remediate at machine speed, without breaking builds or slowing delivery.