AI Security Champion; AI Security for GitHub Copilot; and real-time, in-IDE code scanning secure AI-generated code and accelerate developers’ security adoption
RSA CONFERENCE – SAN FRANCISCO, CA – MAY 6, 2024 – As a new crop of AI-related threats emerges from the rapid adoption of generative AI (GenAI) tools within application development, Checkmarx, the industry leader in cloud-native application security for the enterprise, has forged a secure path forward for enterprise development and AppSec teams. Building on its earlier innovations to protect ChatGPT-generated code and provide AI-guided remediation, the company is now announcing the launch of its AI Security offering, which includes AI Security for GitHub Copilot, AI Security Champion and real-time in-IDE scanning to empower developers to validate AI-generated code, auto-remediate vulnerabilities and write more secure code from the start.
These new solutions not only secure AI-generated code from potential threats, but also improve the accuracy and speed with which security issues can be discovered and remediated in code. A new partnership with Prompt Security further extends this secure, streamlined approach to the prevention of code and intellectual property (IP) leakage.
With these new tools and the Prompt Security integration partnership, Checkmarx is addressing two areas of risk arising from the use of GenAI tools that are already in widespread use by development teams: securing the output provided by GenAI tools and securing the data and intellectual property being shared with them.
“GenAI is being rapidly adopted by both application development teams and by threat actors, with little visibility into the extent of use and potential risks for CISOs and AppSec leaders,” said Michelle Abraham, research director, Security and Trust at IDC. “There is a significant market need for solutions that can enable developers to harness GenAI’s potential as an accelerator while providing security leaders with the oversight and risk mitigation required to ensure mature AppSec.”
These new AI solutions within the Checkmarx One platform are equipping developers and AppSec teams with new ways to check and remediate vulnerabilities in real-time:
- AI Security for GitHub Copilot: Scans code generated by GitHub Copilot in the IDE, detecting security issues and ensuring that AI-generated code adheres to security best practices.
- AI Security Champion: Introduces auto-remediation for SAST vulnerabilities. AI Security Champion significantly speeds up time to remediation by suggesting replacement code that removes vulnerabilities detected by Checkmarx SAST.
- Real-time, in-IDE scanning: Provides real-time feedback to developers as they write code within their IDEs. It scans the developer’s code as it’s written, detecting security issues in the code and presenting them within the IDE. Instant feedback ensures that the developer’s code is well-protected and secure from the start, while maintaining productivity.
- Checkmarx GPT: Extends open source and malicious package detection with the ability to scan ChatGPT-generated source code, and is available in the GPTStore.
“Checkmarx is leading the way with our continuous investment and innovation in the area of GenAI and application security,” said Kobi Tzruya, Chief Product Officer at Checkmarx. “In order to secure enterprise data and applications, we’ve committed to improving the developer experience by bringing seamless AppSec capabilities into their workflows in a way that enables them to leverage the power of GenAI while mitigating the new risks that it can bring. Our partnership with Prompt Security illustrates our commitment to building an open technology ecosystem with innovative companies and their best-of-breed AI solutions.”
About the Prompt Security Partnership
Prompt Security offers an enterprise-grade AI security platform to secure the use and integration of generative AI in the organization. Its offering for employees and developers provides visibility into shadow AI and prevents data leaks to such tools. Code leakage can occur whenever a developer shares code from an IDE or browser with collaboration platforms like Stack Overflow or with GenAI tools like ChatGPT, Gemini and Copilot.
“As enterprises integrate GenAI into their development stacks, the complexity of potential security risks can increase significantly. At Prompt Security, we’ve developed enterprise-grade solutions with the vision to not only manage these risks but to turn GenAI into a robust ally for business innovation and growth. Our Checkmarx partnership enhances our ability to protect sensitive data and intellectual properties, ensuring that our clients can confidently use GenAI within their SDLC,” said Itamar Golan, CEO and co-founder of Prompt Security.
The Prompt Security browser extension and IDE extension can detect when code or “secrets” such as intellectual property or credentials are being shared with a GenAI tool or collaboration platform. Secrets can be obfuscated automatically, while code can be assessed. With the new integration, Checkmarx checks whether the code is proprietary; if it is, the user is blocked from sharing it. If Checkmarx confirms that the code is not proprietary, code sharing is permitted.
To see the new solutions at the RSA Conference, visit booth #1427 in the Expo Hall. For more information on Checkmarx One and its AppSec solutions for GenAI in development, visit this page.
About Checkmarx
Checkmarx is trusted by enterprises worldwide to secure their application development from code to cloud. Our consolidated platform and services balance the dynamic needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies.
Media Contact
Katie Brookes
Merritt Group for Checkmarx