If you’ve spent any time in the world of software development lately, you’ve seen the impact of AI—especially Large Language Models (LLMs). They’re fast, powerful, and transformative. They can generate code in seconds, and in many cases, it runs right out of the gate.
It’s impressive, exciting, but also raises many concerns.
We’re now generating more code with machines than humans: Our research found that over a third of organizations say more than 60% of their code is automated. That sounds efficient, but it introduces a new kind of risk.
AI-generated code is often less secure, less maintainable, and more opaque. LLMs do not understand your business logic, your architecture, or your long-term goals. They’re not developers—they are token prediction engines.
So the good news is, LLMs are not going to replace developers any time soon. But they are dramatically changing how developers work.
The days of coding lines of JavaScript, Golang, and Python in isolation are over. We are in an era where developers are critical decision-makers, validating AI output, spotting flaws, and safeguarding security at scale. They will soon spend more time on design, integration, security, and innovation, and less time typing in lines of code, which means their value proposition is on the rise.
But with that shift comes a greater burden of responsibility. Developers need AppSec more than ever—not just to secure the code they write, but to validate and fortify the code AI generates on their behalf. As they become gatekeepers of software quality and security, they need tools that empower them to move fast without compromising safety. This is no longer a nice-to-have; it is mission-critical.
I’ve been on both sides of this equation: Before joining Checkmarx, I spent decades as a developer and security advocate. I created ZAP , the world’s most widely used open-source Dynamic Application Security Testing (DAST) tool. ZAP was built to bring more efficiency into security testing without slowing developers down, with automation—a principle that still drives me today.
When Checkmarx employed 3 of the ZAP Core team, it wasn’t just about adding DAST to the portfolio. It was about building a unified vision for the future of AppSec—one that combines SAST, SCA, DAST, IaC scanning, and API security into a single platform: Checkmarx One.
This integration moves us beyond scanning code to understanding business risk, which is exactly what modern organizations need. Because according to our research, there has never been a more critical time for Application Security than now.
- 34% of organizations report that 60%+ of their code is AI-generated, yet only 18% have policies governing AI use.
- 81% knowingly ship vulnerable code, and 98% experienced at least one breach in the past year (with over half of orgs reporting three breaches or more).
With this dizzying pace, it’s clear that security cannot be a bolt-on; it must be embedded from code to cloud and designed to match the pace and heightened risk of AI-generated code. So we are launching a family of AI-powered agents designed to deliver always-on protection throughout the SDLC.
These agents don’t just scan code. They reason, prioritize, and adapt. They collaborate in an intelligent ecosystem helping developers move faster, stay secure, and innovate with confidence. They do the operational work so developers can ask the hard questions behind every line of code.
Introducing the Checkmarx One Assist Family
- Developer Assist: Your AI pair programmer, embedded in the IDE, fixing vulnerabilities in real time.
- Policy Assist (coming soon): A DevSecOps enforcer that applies security policies consistently across pipelines.
- Insights Assist (coming soon): An AppSec strategist that prioritizes vulnerabilities based on business impact.
Imagine asking the simple question: “What’s the biggest vulnerability in our tech stack that could impact our customers?” With Checkmarx One Assist, you will get an answer—fast, accurate, and actionable.
The road(map) ahead…
We’re excited to lead a future where security is developer-first, AI-driven, and business-aware. Our roadmap includes new agents for compliance, threat modeling, and runtime protection—plus continued investment in open source and the best ASCA tools on the planet.
Soon, Checkmarx is likely to hit a major milestone: scanning one trillion lines of code every month. That is not just a number—it’s a responsibility. So developers are not going away, they are moving up the value chain. With the right tools, they will lead the next era of secure, AI-powered software development.