[{"id":108380,"date":"2026-04-19T10:38:28","date_gmt":"2026-04-19T08:38:28","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=108380"},"modified":"2026-04-19T10:39:10","modified_gmt":"2026-04-19T08:39:10","slug":"securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/","title":{"rendered":"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don&#8217;t Know What\u00a0It&#8217;s\u00a0Doing\u00a0"},"content":{"rendered":"<p>You passed your security audit. SAST came back clean. SCA found no critical vulnerabilities. Secrets scanning turned up nothing. Your release moved forward with confidence.&nbsp;<\/p>\n\n\n\n<p>Then, weeks later, leadership asks: &#8220;Are we using AI in any of our applications?&#8221;&nbsp;<\/p>\n\n\n\n<p>Honestly? No one knows.&nbsp;<\/p>\n\n\n\n<p>Somewhere in your codebase, invisible to every tool you have, an application is calling a hosted LLM service. An agent framework arrived through a dependency. Prompts are loading from runtime configuration. Embeddings are being sent to a vector store.&nbsp;<\/p>\n\n\n\n<p>None of it shows up in your SBOM. None of it is on anyone&#8217;s radar.&nbsp;<\/p>\n\n\n\n<p>This&nbsp;isn&#8217;t&nbsp;a failure of your security team.&nbsp;It&#8217;s&nbsp;a structural gap.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<strong>The Supply Chain is Changing (Again)<\/strong>&nbsp;<\/h2>\n\n\n\n<p>For years, traditional AppSec protected a predictable set of things: application code, open-source packages, secrets, containers, and infrastructure. SAST, SCA, vulnerability management, all built for that world.\u00a0<\/p>\n\n\n\n<p>Then AI became a production dependency.&nbsp;<\/p>\n\n\n\n<p>More than&nbsp;<a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2025-08-26-gartner-predicts-40-percent-of-enterprise-apps-will-feature-task-specific-ai-agents-by-2026-up-from-less-than-5-percent-in-2025\" target=\"_blank\" rel=\"noreferrer noopener\">75% of enterprises are already embedding LLMs, AI SDKs, and AI services directly into their applications<\/a>. But the security and governance programs designed to manage software&nbsp;haven&#8217;t&nbsp;caught up.&nbsp;<\/p>\n\n\n\n<p><strong>Modern applications now depend on:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hosted AI services (LLM APIs)\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AI frameworks and SDKs\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agent code and MCP servers\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prompts and datasets\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Embeddings and vector stores\u00a0<\/li>\n<\/ul>\n\n\n\n<p><strong>These&nbsp;don&#8217;t&nbsp;behave like traditional dependencies:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A model can be safe in testing and unsafe under real-world prompts\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A prompt can quietly change system behavior without changing application logic\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An MCP tool can expand execution capability beyond what developers intended\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A service provider can change data retention terms without a code change\u00a0<\/li>\n<\/ul>\n\n\n\n<p>Traditional AppSec tools&nbsp;don&#8217;t&nbsp;detect these risks because they&nbsp;weren&#8217;t&nbsp;designed to. They&nbsp;can&#8217;t&nbsp;assess model poisoning, unverified weights, unsafe adapters, malicious MCP servers, or licensing violations.&nbsp;&nbsp;<\/p>\n\n\n\n<p>None of these are hypothetical.\u00a0They&#8217;re\u00a0showing up in real pipelines, real codebases, and real compliance conversations, often without anyone realizing it.\u00a0<\/p>\n\n\n\n<p>At the same time, regulatory&nbsp;pressure is real. The EU AI Act, ISO 42001, and&nbsp;other&nbsp;frameworks&nbsp;are&nbsp;creating&nbsp;real accountability for AI governance.&nbsp;Yet, most organizations lack even a basic AI asset inventory, let alone the ability to&nbsp;demonstrate&nbsp;compliance.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<strong>The Hidden Threats in Your AI Dependencies<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Below are 10 prominent AI supply chain risks&nbsp;validated&nbsp;by&nbsp;<a href=\"https:\/\/genai.owasp.org\/llmrisk\/llm032025-supply-chain\/\" target=\"_blank\" rel=\"noreferrer noopener\">OWASP LLM03:2025<\/a>&nbsp;(the industry standard) and our own&nbsp;Checkmarx&nbsp;Zero research team.&nbsp;<\/p>\n\n\n\n<p>These risks reflect where visibility gaps&nbsp;typically become security gaps in this new supply chain structure:&nbsp;<\/p>\n\n\n\n<p><strong>Group A: Trust &amp; Provenance<\/strong>&nbsp;Poisoned models, fake models, abandoned models, vulnerable AI packages\u2014risks tied to where models actually come from and whether you can trust them.&nbsp;<\/p>\n\n\n\n<p><strong>Group B: Modification &amp; Fine-Tuning<\/strong>&nbsp;Malicious adapters, model merge exploits\u2014risks introduced when models are altered without visibility.&nbsp;<\/p>\n\n\n\n<p><strong>Group C: Deployment Risks<\/strong>&nbsp;Mobile and edge model attacks where compromised models are embedded outside standard update mechanisms.&nbsp;<\/p>\n\n\n\n<p><strong>Group D: MCP Supply Chain<\/strong>&nbsp;Tool poisoning, compromised dependencies, shadow MCP servers, unauthorized integrations that expand what AI can&nbsp;actually do.&nbsp;<\/p>\n\n\n\n<p><strong>Group E: Governance &amp; Exposure<\/strong>&nbsp;Licensing violations, unclear terms-of-service, privacy policy drift that quietly changes how your data is used.&nbsp;<\/p>\n\n\n\n<p>Each reflects a different failure mode: compromised artifacts, unmanaged modifications, invisible deployments, unauthorized connections, and untracked obligations.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Where Does Your Organization Actually Stand?<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Most security teams assume&nbsp;they&#8217;re&nbsp;at least partially aware of their AI exposure. In practice, the answer is usually Stage 1: Unknown.&nbsp;There&#8217;s&nbsp;no inventory, no policy enforcement,&nbsp;and&nbsp;no audit trail,&nbsp;just scattered usage across repos and environments.&nbsp;<\/p>\n\n\n\n<p>Getting from Unknown to Governed&nbsp;isn&#8217;t&nbsp;a single leap.&nbsp;It&#8217;s&nbsp;a defined progression: from discovery, to control, to compliance-ready reporting. Understanding where you sit today is the prerequisite to knowing what to do next.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">\n<strong>Visibility First, Then Everything Else<\/strong><strong>&nbsp;<\/strong>&nbsp;<\/h2>\n\n\n\n<p>What connects&nbsp;all&nbsp;these risks is something simple: if you&nbsp;don&#8217;t&nbsp;know an AI&nbsp;component&nbsp;exists in your software, you&nbsp;can&#8217;t&nbsp;assess it, govern it, or protect against what it might do.&nbsp;<\/p>\n\n\n\n<p>This requires building what&nbsp;didn&#8217;t&nbsp;exist before: an AI-BOM, an inventory that captures what AI is running your applications and what that implies for risk and compliance.&nbsp;<\/p>\n\n\n\n<p>This requires four capabilities:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>\n<strong>Discover<\/strong>\u00a0AI assets across code and configuration\u00a0<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\n<strong>Assess<\/strong>\u00a0AI-specific risks (not just CVEs)\u00a0<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>\n<strong>Control<\/strong>\u00a0through policy enforcement and approved registries\u00a0<\/li>\n<\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>\n<strong>Report<\/strong>\u00a0compliance-ready documentation\u00a0<\/li>\n<\/ol>\n\n\n\n<p>AI is already embedded in your stack, whether you know it or not. The goal&nbsp;isn&#8217;t&nbsp;to slow adoption,&nbsp;it&#8217;s&nbsp;to bring the same AppSec discipline to AI dependencies that teams already apply to everything else they ship.&nbsp;<\/p>\n\n\n\n<p>That starts with visibility.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">Want to go deeper?&nbsp;&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve&nbsp;put together a full breakdown of the threat&nbsp;landscape&nbsp;with&nbsp;all 10 risk categories, real-world examples, and the controls mapped to each. But more than that: the guide walks through a practical AI Supply Chain Maturity Model so you can identify where your organization stands today, a side-by-side comparison of traditional SBOMs vs. AI-BOMs, and a two-floor security architecture that tells you what to preserve from your existing AppSec program and what to add on top of it.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/checkmarx.com\/resources\/10-ai-supply-chain-risks-hiding-in-your-codebase\/\" target=\"_blank\" rel=\"noreferrer noopener\">Read it now<\/a>&nbsp;&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>You passed your security audit. SAST came back clean. SCA found no critical vulnerabilities. Secrets scanning turned up nothing. Your release moved forward with confidence.&nbsp; Then, weeks later, leadership asks: &#8220;Are we using AI in any of our applications?&#8221;&nbsp; Honestly? No one knows.&nbsp; Somewhere in your codebase, invisible to every tool you have, an application [&hellip;]<\/p>\n","protected":false},"author":141,"featured_media":108381,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284,85,84,844],"tags":[1510,1272,361,385],"class_list":["post-108380","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-llm-tools-in-application-security","category-application-security-trends","category-blog","category-supply-chain-security","tag-adlc","tag-agentic-ai","tag-software-supply-chain","tag-supply-chain-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don&#039;t Know What\u00a0It&#039;s\u00a0Doing\u00a0<\/title>\n<meta name=\"description\" content=\"Learn how modern AppSec falls short, explore key AI risks, and discover how to build visibility, governance, and compliance with an AI-BOM approach\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don&#039;t Know What\u00a0It&#039;s\u00a0Doing\u00a0\" \/>\n<meta property=\"og:description\" content=\"Learn how modern AppSec falls short, explore key AI risks, and discover how to build visibility, governance, and compliance with an AI-BOM approach\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-19T08:38:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-19T08:39:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1502\" \/>\n\t<meta property=\"og:image:height\" content=\"791\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Emma Datny\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emma Datny\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/\"},\"author\":{\"name\":\"Emma Datny\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/f2f13af2bbd7334f86e05c26025b82cc\"},\"headline\":\"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don&#8217;t Know What\u00a0It&#8217;s\u00a0Doing\u00a0\",\"datePublished\":\"2026-04-19T08:38:28+00:00\",\"dateModified\":\"2026-04-19T08:39:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/\"},\"wordCount\":949,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp\",\"keywords\":[\"ADLC\",\"Agentic AI\",\"Software Supply Chain\",\"SSCS\"],\"articleSection\":[\"AI &amp; LLM Tools in Application Security\",\"Application Security Trends &amp; Insights\",\"Blog\",\"Supply Chain Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/\",\"url\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/\",\"name\":\"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don't Know What\u00a0It's\u00a0Doing\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp\",\"datePublished\":\"2026-04-19T08:38:28+00:00\",\"dateModified\":\"2026-04-19T08:39:10+00:00\",\"description\":\"Learn how modern AppSec falls short, explore key AI risks, and discover how to build visibility, governance, and compliance with an AI-BOM approach\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp\",\"width\":1502,\"height\":791},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/f2f13af2bbd7334f86e05c26025b82cc\",\"name\":\"Emma Datny\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Emma-Datny-150x150.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Emma-Datny-150x150.jpg\",\"caption\":\"Emma Datny\"},\"sameAs\":[\"https:\/\/checkmarx.com\/\"],\"url\":\"https:\/\/checkmarx.com\/author\/emma_datny\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don't Know What\u00a0It's\u00a0Doing\u00a0","description":"Learn how modern AppSec falls short, explore key AI risks, and discover how to build visibility, governance, and compliance with an AI-BOM approach","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/","og_locale":"en_US","og_type":"article","og_title":"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don't Know What\u00a0It's\u00a0Doing\u00a0","og_description":"Learn how modern AppSec falls short, explore key AI risks, and discover how to build visibility, governance, and compliance with an AI-BOM approach","og_url":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-04-19T08:38:28+00:00","article_modified_time":"2026-04-19T08:39:10+00:00","og_image":[{"width":1502,"height":791,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp","type":"image\/webp"}],"author":"Emma Datny","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Emma Datny","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/"},"author":{"name":"Emma Datny","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/f2f13af2bbd7334f86e05c26025b82cc"},"headline":"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don&#8217;t Know What\u00a0It&#8217;s\u00a0Doing\u00a0","datePublished":"2026-04-19T08:38:28+00:00","dateModified":"2026-04-19T08:39:10+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/"},"wordCount":949,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp","keywords":["ADLC","Agentic AI","Software Supply Chain","SSCS"],"articleSection":["AI &amp; LLM Tools in Application Security","Application Security Trends &amp; Insights","Blog","Supply Chain Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/","url":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/","name":"Securing Your AI Supply Chain:\u00a0Your AI Is Running, But You Don't Know What\u00a0It's\u00a0Doing\u00a0","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp","datePublished":"2026-04-19T08:38:28+00:00","dateModified":"2026-04-19T08:39:10+00:00","description":"Learn how modern AppSec falls short, explore key AI risks, and discover how to build visibility, governance, and compliance with an AI-BOM approach","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/securing-your-ai-supply-chain-your-ai-is-running-but-you-dont-know-what-its-doing\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Screenshot-2026-04-19-112542.webp","width":1502,"height":791},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/f2f13af2bbd7334f86e05c26025b82cc","name":"Emma Datny","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Emma-Datny-150x150.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Emma-Datny-150x150.jpg","caption":"Emma Datny"},"sameAs":["https:\/\/checkmarx.com\/"],"url":"https:\/\/checkmarx.com\/author\/emma_datny\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/141"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=108380"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108380\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108381"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=108380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=108380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":108259,"date":"2026-04-13T22:52:30","date_gmt":"2026-04-13T20:52:30","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=108259"},"modified":"2026-04-19T08:26:34","modified_gmt":"2026-04-19T06:26:34","slug":"checkmarx-application-security-guide-to-mythos","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","title":{"rendered":"Checkmarx Application Security Guide to Claude Mythos"},"content":{"rendered":"<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\"><strong>Introduction<\/strong><\/h2>\n\n\n\n<p>On April&nbsp;7, 2026,&nbsp;Anthropic revealed its new AI Model named \u201cMythos\u201d&nbsp;(currently&nbsp;in private mode)&nbsp;that aims to secure software in the AI&nbsp;era.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Anthropic claims that&nbsp;AI has reached a turning point in cybersecurity. With the&nbsp;expected&nbsp;release of Mythos,&nbsp;AI models are&nbsp;poised to be&nbsp;capable of&nbsp;identifying&nbsp;and exploiting software vulnerabilities at a level that rivals and, in many cases, surpasses top human experts. Mythos has already uncovered thousands&nbsp;of&nbsp;high-severity vulnerabilities across major operating systems and browsers,&nbsp;signaling&nbsp;rapid&nbsp;acceleration in both capability and risk.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Quickly in the wake of the Mythos announcement,&nbsp;Anthropic&nbsp;launched a&nbsp;coalition,&nbsp;named&nbsp;Project<strong>&nbsp;<\/strong>\u201c<a href=\"https:\/\/www.anthropic.com\/glasswing\" target=\"_blank\" rel=\"noreferrer noopener\">Glasswing<\/a>\u201d&nbsp;after&nbsp;the clear-winged,&nbsp;tropical&nbsp;butterfly. The project, which includes over 40 major technology organizations such as Apple, Google, Microsoft, and Nvidia, is critical to redirecting this&nbsp;vast new LLM&nbsp;power toward defense rather than exploitation.&nbsp;<\/p>\n\n\n\n<p>A recent&nbsp;<a href=\"https:\/\/red.anthropic.com\/2026\/mythos-preview\/\" target=\"_blank\" rel=\"noreferrer noopener\">example<\/a>&nbsp;shared by Anthropic highlights the leap in capability: while the Opus 4.6 model was able to generate a working JavaScript shell exploit for a Firefox 147 vulnerability only&nbsp;two&nbsp;times out of hundreds of attempts, Mythos achieved a dramatically higher success rate, producing a working exploit in 181&nbsp;cases.&nbsp;That\u2019s&nbsp;not a marginal&nbsp;gain;&nbsp;it\u2019s&nbsp;a fundamentally different level of capability.&nbsp;<\/p>\n\n\n\n<style>\n  .cx-wrap{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;background:#FCF9FE;border-radius:12px;border:2px solid #6B34FD;padding:clamp(18px,4vw,40px) clamp(14px,4vw,44px) clamp(16px,3vw,32px);max-width:860px;margin:0 auto;box-sizing:border-box;width:100%}\n  .cx-title{font-size:clamp(16px,3.5vw,26px);font-weight:900;color:#140921;text-align:center;letter-spacing:-0.4px;line-height:1.2;margin-bottom:16px}\n  .cx-legend{display:flex;flex-wrap:wrap;gap:6px 14px;justify-content:center;margin-bottom:18px}\n  .cx-legend-item{display:flex;align-items:flex-start;gap:6px;font-size:clamp(10px,2.2vw,12px);color:#444;line-height:1.4;max-width:100%}\n  .cx-legend-dot{width:10px;height:10px;min-width:10px;border-radius:2px;margin-top:2px;flex-shrink:0}\n  .cx-chart-wrap{position:relative;width:100%;height:clamp(200px,45vw,340px);box-sizing:border-box}\n  .cx-footer-note{margin-top:14px;font-size:clamp(10px,2.2vw,11px);color:#777;line-height:1.55;text-align:left}\n<\/style>\n \n<div class=\"cx-wrap\" id=\"cx-exploit-wrap\">\n  <h2 class=\"cx-title article-anchor\" id=\"article-anchor-2\">Firefox JS shell exploitation<\/h2>\n  <div class=\"cx-legend\">\n    <div class=\"cx-legend-item\">\n<div class=\"cx-legend-dot\" style=\"background:#F25929\"><\/div>\n<span>Percentage of trials model generated a successful exploit<\/span>\n<\/div>\n    <div class=\"cx-legend-item\">\n<div class=\"cx-legend-dot\" style=\"background:#A822BF\"><\/div>\n<span>Percentage of trials model achieved register control (but could not exploit)<\/span>\n<\/div>\n    <div class=\"cx-legend-item\">\n<div class=\"cx-legend-dot\" style=\"background:#6B34FD\"><\/div>\n<span>Did not succeed<\/span>\n<\/div>\n  <\/div>\n  <div class=\"cx-chart-wrap\" id=\"cx-exploit-canvas-wrap\">\n    <canvas id=\"cxExploitCanvas\"><\/canvas>\n  <\/div>\n  <div class=\"cx-footer-note\">In a previous blog, we noted that Opus 4.6 was able to successfully generate exploits for crashes it found in Firefox in two separate trials out of many, which was a success rate of less than 1%. We plot this success rate next to Claude Mythos Preview, which succeeds at creating a working exploit nearly 100 times more often.<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p>In this article, we will provide a useful guide to allow you to better understand the&nbsp;announcement, what it means for&nbsp;application security leaders as well as&nbsp;some recommendations&nbsp;that&nbsp;you can learn from&nbsp;as you are moving forward&nbsp;with&nbsp;your AI journey.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\"><strong>Why did Anthropic Make&nbsp;this Announcement?&nbsp;And,&nbsp;Why Now?<\/strong><\/h2>\n\n\n\n<p>For years, many software vulnerabilities have gone undetected because&nbsp;identifying&nbsp;and exploiting them requires highly specialized&nbsp;expertise. With the rise of advanced AI models, the&nbsp;barriers due to&nbsp;cost, effort, and skill have dropped&nbsp;dramatically,&nbsp;making both discovery and exploitation&nbsp;accessible,&nbsp;fast,&nbsp;and&nbsp;scalable. As you can see in&nbsp;Checkmarx\u2019s&nbsp;own research&nbsp;below, the time to exploit a security vulnerability decreases&nbsp;dramatically&nbsp;with the power and adoption of AI.&nbsp;<\/p>\n\n\n\n<p>Vulnerabilities that took weeks, months,&nbsp;or&nbsp;even years to exploit&nbsp;until&nbsp;recently, can now be weaponized in a matter of minutes.&nbsp;This&nbsp;defines&nbsp;an entirely&nbsp;new&nbsp;reality&nbsp;for application security,&nbsp;and it&nbsp;needs to be top&nbsp;priority&nbsp;for any head of&nbsp;security,&nbsp;head of&nbsp;engineering, and the entire executive team.&nbsp;&nbsp;<\/p>\n\n\n\n<style>\n  .cx-wrap2{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;background:#FCF9FE;border-radius:12px;border:2px solid #6B34FD;padding:clamp(18px,4vw,40px) clamp(14px,4vw,44px) clamp(16px,3vw,32px);max-width:860px;margin:0 auto;box-sizing:border-box;width:100%}\n  .cx-title2{font-size:clamp(16px,3.5vw,28px);font-weight:900;color:#140921;text-align:center;letter-spacing:-0.5px;line-height:1.15;margin-bottom:8px}\n  .cx-sub2{font-size:clamp(12px,2.8vw,15px);font-weight:600;color:#6B34FD;text-align:center;margin-bottom:24px}\n  .cx-body2{display:grid;grid-template-columns:minmax(0,3fr) minmax(0,2fr);gap:20px;align-items:start}\n  .cx-body2.stacked{grid-template-columns:1fr}\n  .cx-chart-wrap2{position:relative;width:100%;height:clamp(180px,40vw,268px);box-sizing:border-box}\n  .cx-body2.stacked .cx-chart-wrap2{height:clamp(180px,55vw,240px)}\n  .cx-chart-label2{font-size:clamp(9px,2vw,11px);font-weight:700;color:#140921;letter-spacing:0.8px;text-transform:uppercase;margin-bottom:8px}\n  .cx-panel2{background:#140921;border-radius:10px;padding:clamp(14px,3vw,22px);color:#FCF9FE}\n  .cx-panel-header2{display:flex;align-items:center;gap:10px;margin-bottom:12px}\n  .cx-panel-icon2{width:32px;height:32px;min-width:32px;background:#6B34FD;border-radius:7px;display:flex;align-items:center;justify-content:center}\n  .cx-panel-title2{font-size:clamp(13px,2.8vw,15px);font-weight:900;color:#FCF9FE;letter-spacing:-0.2px;line-height:1.2}\n  .cx-bullets2{list-style:none!important;padding:0!important;margin:0!important;display:flex;flex-direction:column;gap:10px}\n  .cx-bullets2 li{font-size:clamp(11px,2.5vw,13px);color:rgba(252,249,254,0.8);line-height:1.55;padding-left:14px!important;position:relative}\n  .cx-bullets2 li::before{content:''!important;position:absolute!important;left:0!important;top:6px!important;width:5px!important;height:5px!important;border-radius:50%!important;background:#F25929!important;border:none!important;box-shadow:none!important;display:block!important}\n  .cx-bullets2 li::after{display:none!important;content:none!important}\n  .cx-bullets2 strong{color:#FCF9FE;font-weight:700}\n  .cx-footer2{margin-top:20px;background:#140921;border-radius:10px;padding:clamp(12px,3vw,15px) clamp(14px,3vw,22px);text-align:center}\n  .cx-footer-text2{font-size:clamp(12px,2.8vw,14px);color:#FCF9FE;line-height:1.5}\n  .cx-footer-text2 strong{color:#F25929;font-size:clamp(15px,3.5vw,18px);font-weight:900}\n  .cx-footer-cite2{font-size:clamp(10px,2vw,11px);color:rgba(252,249,254,0.45);margin-top:5px;font-style:italic}\n<\/style>\n \n<div class=\"cx-wrap2\" id=\"cx-vuln-wrap\">\n  <h2 class=\"cx-title2 article-anchor\" id=\"article-anchor-4\">AI Speeds Weaponization of Vulnerabilities<\/h2>\n  <p class=\"cx-sub2\">Teams must now rush to investigate and determine which threats are most critical.<\/p>\n  <div class=\"cx-body2\" id=\"cx-vuln-body\">\n    <div>\n      <div class=\"cx-chart-label2\">From Vulnerability to Exploitation<\/div>\n      <div class=\"cx-chart-wrap2\" id=\"cx-vuln-canvas-wrap\">\n        <canvas id=\"cxVulnCanvas\"><\/canvas>\n      <\/div>\n    <\/div>\n    <div>\n      <div class=\"cx-panel2\">\n        <div class=\"cx-panel-header2\">\n          <div class=\"cx-panel-icon2\">\n            <svg width=\"18\" height=\"18\" viewbox=\"0 0 20 20\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n              <circle cx=\"10\" cy=\"10\" r=\"8\" stroke=\"#FCF9FE\" stroke-width=\"1.7\"><\/circle>\n              <path d=\"M10 6v5M10 14v.5\" stroke=\"#FCF9FE\" stroke-width=\"1.9\" stroke-linecap=\"round\"><\/path>\n            <\/svg>\n          <\/div>\n          <div class=\"cx-panel-title2\">No More Grace Period<\/div>\n        <\/div>\n        <ul class=\"cx-bullets2\">\n          <li>The time between vulnerability disclosure and weaponization has essentially been <strong>eliminated<\/strong>.<\/li>\n          <li>LLMs have been observed generating working CVE exploits in just <strong>10\u201315 minutes<\/strong> at approximately $1 per exploit.<\/li>\n          <li>By 2028 it&#8217;s projected to drop within <strong>1 minute<\/strong>.<\/li>\n        <\/ul>\n      <\/div>\n    <\/div>\n  <\/div>\n  <div class=\"cx-footer2\">\n    <div class=\"cx-footer-text2\">\n<strong>81%<\/strong> of organizations admit to knowingly release software with code they know is vulnerable<\/div>\n    <div class=\"cx-footer-cite2\">\u2014 Checkmarx, &#8220;Future of Application Security&#8221; Report<\/div>\n  <\/div>\n<\/div>\n \n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/Chart.js\/4.4.1\/chart.umd.js\"><\/script>\n<script>\n(function () {\n  var FG = \"'Helvetica Neue',Helvetica,Arial,sans-serif\";\n  var BREAKPOINT = 540;\n  var exploitInst = null;\n  var vulnInst = null;\n  var exploitTimer = null;\n  var vulnTimer = null;\n \n  \/* \u2500\u2500 CHART 1: rebuild exploit bar chart \u2500\u2500 *\/\n  function rebuildExploit() {\n    var wrap = document.getElementById('cx-exploit-canvas-wrap');\n    if (!wrap) return;\n    var w = wrap.offsetWidth || 400;\n    var small = w < 400;\n \n    if (exploitInst) { exploitInst.destroy(); exploitInst = null; }\n    wrap.innerHTML = '';\n    var c = document.createElement('canvas');\n    wrap.appendChild(c);\n \n    exploitInst = new Chart(c, {\n      type: 'bar',\n      data: {\n        labels: ['Sonnet 4.6', 'Opus 4.6', 'Mythos Preview'],\n        datasets: [\n          { label: 'Successful exploit',    data: [4.4, 14.4, 72.4], backgroundColor: '#F25929', borderRadius: 0, borderSkipped: false },\n          { label: 'Register control only', data: [0,   0,    11.6], backgroundColor: '#A822BF', borderRadius: 0, borderSkipped: false },\n          { label: 'Did not succeed',       data: [95.6,85.6, 16.0], backgroundColor: '#6B34FD', borderRadius: 0, borderSkipped: false }\n        ]\n      },\n      options: {\n        responsive: true, maintainAspectRatio: false, animation: false,\n        plugins: {\n          legend: { display: false },\n          tooltip: {\n            callbacks: { label: function (ctx) { return ' ' + ctx.dataset.label + ': ' + ctx.parsed.y + '%'; } },\n            backgroundColor: '#140921', titleColor: '#FCF9FE', bodyColor: '#FCF9FE', borderColor: '#6B34FD', borderWidth: 1\n          }\n        },\n        scales: {\n          x: {\n            stacked: true,\n            ticks: { color: '#333', font: { size: small ? 10 : 13, weight: '600', family: FG }, maxRotation: 0 },\n            grid: { display: false }, border: { color: '#ccc' }\n          },\n          y: {\n            stacked: true, min: 0, max: 100,\n            ticks: { color: '#888', font: { size: small ? 9 : 11, family: FG }, callback: function (v) { return v + ''; }, stepSize: 25 },\n            grid: { color: 'rgba(0,0,0,0.06)' }, border: { display: false },\n            title: { display: !small, text: 'Trials (%)', color: '#555', font: { size: 12, family: FG }, padding: { bottom: 8 } }\n          }\n        }\n      },\n      plugins: [{\n        afterDatasetsDraw: function (chart) {\n          var ctx = chart.ctx;\n          var sm = chart.chartArea.width < 280;\n          var m0 = chart.getDatasetMeta(0), m1 = chart.getDatasetMeta(1);\n          function lbl(val, bar, fs) {\n            var sh = bar.base - bar.y; if (sh < 14) return;\n            ctx.save(); ctx.fillStyle = '#FCF9FE';\n            ctx.font = 'bold ' + (sm ? fs - 2 : fs) + 'px ' + FG;\n            ctx.textAlign = 'center'; ctx.textBaseline = 'middle';\n            ctx.fillText(val.toFixed(1) + '%', bar.x, bar.y + sh \/ 2); ctx.restore();\n          }\n          chart.data.datasets[0].data.forEach(function (v, i) { if (v > 0) lbl(v, m0.data[i], 13); });\n          chart.data.datasets[1].data.forEach(function (v, i) { if (v > 0) lbl(v, m1.data[i], 12); });\n        }\n      }]\n    });\n  }\n \n  \/* \u2500\u2500 CHART 2: rebuild vuln line chart \u2500\u2500 *\/\n  var vLabels = ['2018','2019','2020','2021','2022','2023','2024','2025','2026'];\n  var vRaw    = [840, 693, 475, 295, 291, 207, 56, 23.2, 1.6];\n  var vDisp   = ['2.3y','1.9y','1.3y','9.8mo','9.7mo','6.9mo','56d','23.2d','1.6d'];\n \n  function rebuildVuln() {\n    var wrap = document.getElementById('cx-vuln-canvas-wrap');\n    if (!wrap) return;\n    var w = wrap.offsetWidth || 400;\n    var small = w < 380;\n \n    if (vulnInst) { vulnInst.destroy(); vulnInst = null; }\n    wrap.innerHTML = '';\n    var c = document.createElement('canvas');\n    wrap.appendChild(c);\n \n    vulnInst = new Chart(c, {\n      type: 'line',\n      data: {\n        labels: vLabels,\n        datasets: [{\n          data: vRaw,\n          borderColor: '#6B34FD', borderWidth: 2,\n          pointBackgroundColor: vLabels.map(function (_,i) { return i === vLabels.length-1 ? '#F25929' : '#6B34FD'; }),\n          pointBorderColor:     vLabels.map(function (_,i) { return i === vLabels.length-1 ? '#F25929' : '#6B34FD'; }),\n          pointRadius:          vLabels.map(function (_,i) { return i === vLabels.length-1 ? 5 : 3; }),\n          tension: 0.35, fill: true, backgroundColor: 'rgba(107,52,253,0.07)'\n        }]\n      },\n      options: {\n        responsive: true, maintainAspectRatio: false, animation: false,\n        layout: { padding: { top: small ? 22 : 26 } },\n        plugins: {\n          legend: { display: false },\n          tooltip: {\n            callbacks: { label: function (ctx) { return ' ' + vDisp[ctx.dataIndex]; } },\n            backgroundColor: '#140921', titleColor: '#FCF9FE', bodyColor: '#FCF9FE', borderColor: '#6B34FD', borderWidth: 1\n          }\n        },\n        scales: {\n          y: {\n            ticks: { color: '#888', font: { size: small ? 9 : 11, family: FG }, callback: function (v) { return v >= 365 ? Math.round(v\/365)+'y' : v >= 30 ? Math.round(v\/30)+'mo' : v+'d'; }, maxTicksLimit: 5 },\n            grid: { color: 'rgba(107,52,253,0.1)' }, border: { dash: [3,3] }\n          },\n          x: {\n            ticks: { color: '#555', font: { size: small ? 8 : 10, family: FG }, autoSkip: false, maxRotation: small ? 45 : 0, minRotation: 0 },\n            grid: { display: false }\n          }\n        }\n      },\n      plugins: [{\n        afterDatasetsDraw: function (chart) {\n          var ctx = chart.ctx, xs = chart.scales.x, ys = chart.scales.y;\n          var sm = chart.chartArea.width < 220;\n          vRaw.forEach(function (val, i) {\n            ctx.save();\n            ctx.fillStyle = i === vRaw.length-1 ? '#F25929' : '#6B34FD';\n            ctx.font = 'bold ' + (sm ? 9 : 11) + 'px ' + FG;\n            ctx.textAlign = 'center';\n            ctx.fillText(vDisp[i], xs.getPixelForValue(i), ys.getPixelForValue(val) - (sm ? 12 : 15));\n            ctx.restore();\n          });\n        }\n      }]\n    });\n  }\n \n  \/* \u2500\u2500 LAYOUT: stack\/unstack vuln body \u2500\u2500 *\/\n  function applyVulnLayout() {\n    var wrapEl = document.getElementById('cx-vuln-wrap');\n    var bodyEl = document.getElementById('cx-vuln-body');\n    if (!wrapEl || !bodyEl) return;\n    if (wrapEl.offsetWidth < BREAKPOINT) { bodyEl.classList.add('stacked'); }\n    else { bodyEl.classList.remove('stacked'); }\n  }\n \n  \/* \u2500\u2500 RESIZE handlers \u2500\u2500 *\/\n  function onResizeExploit() {\n    clearTimeout(exploitTimer);\n    exploitTimer = setTimeout(rebuildExploit, 80);\n  }\n  function onResizeVuln() {\n    clearTimeout(vulnTimer);\n    vulnTimer = setTimeout(function () { applyVulnLayout(); rebuildVuln(); }, 80);\n  }\n \n  function attachResize(elId, handler) {\n    var el = document.getElementById(elId);\n    if (!el) return;\n    if (typeof ResizeObserver !== 'undefined') {\n      new ResizeObserver(handler).observe(el);\n    } else {\n      window.addEventListener('resize', handler);\n    }\n  }\n \n  \/* \u2500\u2500 BOOT \u2500\u2500 *\/\n  function boot() {\n    applyVulnLayout();\n    rebuildExploit();\n    rebuildVuln();\n    attachResize('cx-exploit-wrap', onResizeExploit);\n    attachResize('cx-vuln-wrap', onResizeVuln);\n  }\n \n  \/* Wait for Chart.js \u2014 it's loaded via the <script src> tag just above,\n     so it will always be ready by the time this inline script runs in a\n     normal browser. The window.onload fallback catches any edge cases\n     (e.g. slow connections where the CDN script is still in-flight). *\/\n  if (typeof Chart !== 'undefined') {\n    boot();\n  } else {\n    window.addEventListener('load', function () {\n      if (typeof Chart !== 'undefined') { boot(); }\n    });\n  }\n \n})();\n<\/script>\n\n\n\n<p><\/p>\n\n\n\n<p>According to our&nbsp;annual&nbsp;Future of Application Security&nbsp;<a href=\"https:\/\/checkmarx.com\/report-future-of-appsec-2025\/\" target=\"_blank\" rel=\"noreferrer noopener\">report<\/a>, over 81% of organizations knowingly ship vulnerable code driven by overwhelming noise, uncontextualized backlogs, and limited resources. This is just one of several AI-driven challenges AppSec leaders must now confront. In the next section, we break down the most critical ones.&nbsp;<\/p>\n\n\n\n<p><em>For&nbsp;additional&nbsp;perspective on how&nbsp;security&nbsp;is&nbsp;evolving with advances like Mythos, watch this industry discussion:<\/em>&nbsp;<\/p>\n\n\n\n<iframe width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/B9AJK5LbEds?si=Lo7Gv5Diwa0bO0Wq\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\"><strong>The Challenges of Adopting only AI Model-Based Security Solutions<\/strong><\/h2>\n\n\n\n<p>As organizations accelerate toward AI-native development, the security landscape is shifting just as rapidly, and not always in predictable ways. New AI models are&nbsp;demonstrating&nbsp;an unprecedented ability to uncover vulnerabilities in existing codebases, including long-standing flaws that have gone undetected for years. At the same time, these models are dramatically lowering the barrier to exploitation, enabling faster weaponization of both known and unknown vulnerabilities. This creates a dual challenge: while discovery improves, the volume and velocity of risk increase just as quickly.&nbsp;<\/p>\n\n\n\n<p>With that in mind,&nbsp;here are some of the&nbsp;key security challenges&nbsp;that are&nbsp;emerging&nbsp;in agentic development,&nbsp;that&nbsp;enterprises must acknowledge:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>New models are uncovering large volumes of zero-days in older code.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AI Speeds weaponization of vulnerabilities:&nbsp;Known &amp;&nbsp;unknown.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A great reference to learn from is the recent&nbsp;<a href=\"https:\/\/tomtunguz.com\/the-jagged-frontier-of-ai-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">article<\/a>&nbsp;around the&nbsp;\u201cjagged frontier\u201d&nbsp;of AI security.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>As much as 45% of&nbsp;AI-generated code&nbsp;may be&nbsp;insecure.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>LLMs&nbsp;are&nbsp;missing&nbsp;vulnerabilities;&nbsp;coverage is incomplete.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Models are trained from&nbsp;different sources, thus producing inconsistent results from one LLM to another.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AI Models are not comprehensive enough and are lacking context.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\"><strong>Deterministic &amp; Probabilistic AppSec for Known &amp; Unknown Vulnerabilities<\/strong><\/h2>\n\n\n\n<p>As the software landscape evolves into an agentic one and LLMs continue to advance,&nbsp;it\u2019s&nbsp;critical to recognize that AI-driven security analysis alone is not sufficient. Models that generate, and flag issues based on probabilistic reasoning must&nbsp;operate&nbsp;alongside deterministic systems grounded in real-world context, customer environments, true exploitability, policy enforcement, auditability, and full visibility. At enterprise scale, this also means supporting thousands of repositories, distributed teams, and highly interconnected systems.&nbsp;<\/p>\n\n\n\n<p>As highlighted in&nbsp;<em>Tomasz&nbsp;Tunguz\u2019s&nbsp;\u201cJagged Frontier of AI Security\u201d&nbsp;article above<\/em>, AI capabilities are not&nbsp;linear;&nbsp;they are inconsistent and context dependent. While models like Mythos can&nbsp;demonstrate&nbsp;breakthrough performance in discovering and exploiting unknown vulnerabilities, similar outcomes can often be reproduced by smaller models when given the right inputs. At the same time, known vulnerabilities,&nbsp;often buried in backlogs and lacking prioritization,&nbsp;remain a significant and weaponizable risk in the age of AI.&nbsp;<\/p>\n\n\n\n<p>In this uneven reality, some vulnerabilities are identified with high precision, while others are missed entirely. This leads to false confidence, inconsistent outputs, and critical gaps in risk coverage. If detection&nbsp;isn\u2019t&nbsp;consistent, it&nbsp;isn\u2019t&nbsp;trustworthy.&nbsp;<\/p>\n\n\n\n<style>\n  .cx-quote{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif !important;background:#140921 !important;border-radius:14px !important;border-left:5px solid #6B34FD !important;padding:40px 44px 38px !important;max-width:860px !important;margin:32px auto !important;position:relative !important;overflow:hidden !important;box-sizing:border-box !important;width:100% !important;display:block !important}\n  .cx-quote::before{content:'' !important;position:absolute !important;top:0 !important;right:0 !important;width:220px !important;height:220px !important;background:radial-gradient(circle at top right,rgba(107,52,253,.18) 0%,transparent 70%) !important;pointer-events:none !important}\n  .cx-quote::after{content:'\\201C' !important;position:absolute !important;top:-10px !important;right:28px !important;font-size:140px !important;line-height:1 !important;color:rgba(107,52,253,.18) !important;font-family:Georgia,serif !important;pointer-events:none !important}\n  .cx-quote .cx-quote__text{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif !important;font-size:clamp(22px,2.8vw,32px) !important;font-weight:600 !important;color:#FCF9FE !important;line-height:1.55 !important;margin:0 !important;font-style:normal !important;text-decoration:none !important;display:block !important;text-align:center !important}\n<\/style>\n \n<div class=\"cx-quote\">\n  <p class=\"cx-quote__text\">If detection isn&#8217;t consistent, it isn&#8217;t trustworthy.<\/p>\n<\/div>\n\n\n\n<p>This is where a hybrid model becomes essential&nbsp;&#8211;&nbsp;AI&nbsp;with its&nbsp;probabilistic&nbsp;reasoning&nbsp;provides speed and scale, but it must be complemented by a deterministic security layer that&nbsp;validates&nbsp;findings based on context and real exploitability, and this is where&nbsp;we are focused.&nbsp;Brought together,&nbsp;probabilistic&nbsp;and deterministic approaches&nbsp;establish&nbsp;a new standard for agentic application security,&nbsp;one that delivers high-fidelity, actionable results at scale.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\"><strong>Making the case for Agentic Triage &amp; Remediation<\/strong><\/h2>\n\n\n\n<p>We\u2019ve&nbsp;established&nbsp;that combining LLM-driven security which uncovers a wide range of unknown vulnerabilities with an already unmanageable backlog of known issues (leaving 81% of organizations exposed) requires a hybrid approach that blends probabilistic and deterministic analysis. But that alone is not enough.&nbsp;<\/p>\n\n\n\n<p>The sheer volume of vulnerabilities now demands agentic triage and remediation. Manual processes cannot keep up; they&nbsp;fail to&nbsp;provide context, prioritize effectively, or resolve risk with confidence at scale.&nbsp;<\/p>\n\n\n\n<p>This is where AI agents become critical. By automatically performing intelligent triage to&nbsp;eliminate&nbsp;noise and prioritize truly exploitable risk, and by driving fast, automated remediation, they bring together reasoning and precision. The result is security that is not only scalable, but truly actionable in an AI-native development environment.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\"><strong>Final Thoughts &amp; Recommendations<\/strong><\/h2>\n\n\n\n<p>The&nbsp;Mythos&nbsp;announcement and the formation of Project&nbsp;Glasswing&nbsp;mark a major milestone in AI-driven security, but they are not, and cannot be, a standalone solution. As outlined above, AI models both amplify existing risks and expose new ones, creating challenges that require a broader, more integrated approach.&nbsp;<\/p>\n\n\n\n<p>To build a truly enterprise-grade, trustworthy AI security program, we recommend the following steps:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Hybrid AppSec Model<\/strong>&nbsp;<br>Combine deterministic precision with probabilistic AI to cover both known and unknown risk.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Agentic Triage &amp; Remediation<\/strong>&nbsp;<br>Leverage AI agents to scale context-aware triage and accelerate remediation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Shift Left to the Source<\/strong>&nbsp;<br>Identify and fix AI-generated vulnerabilities at code&nbsp;creation, before&nbsp;they reach production.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Learn more about Checkmarx\u2019s agentic agents: <a href=\"https:\/\/checkmarx.com\/product\/developer-assist\/\">Developer Assist <\/a>and <a href=\"https:\/\/checkmarx.com\/product\/triage-and-remediation\/\">Triage and Remediation Assist<\/a>.<\/p>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create. Securing them requires agentic AppSec that combines deterministic precision with probabilistic intelligence, delivering full AI visibility and high-fidelity, low-noise results.<\/p>\n","protected":false},"author":146,"featured_media":108273,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284,84],"tags":[1272,1517,15],"class_list":["post-108259","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-llm-tools-in-application-security","category-blog","tag-agentic-ai","tag-claude-mythos","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Checkmarx Application Security Guide to Claude Mythos<\/title>\n<meta name=\"description\" content=\"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checkmarx Application Security Guide to Claude Mythos\" \/>\n<meta property=\"og:description\" content=\"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-13T20:52:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-19T06:26:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Jonathan Rende\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jonathan Rende\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\"},\"author\":{\"name\":\"Jonathan Rende\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3bc63fc73f8171237cb6abba15df4536\"},\"headline\":\"Checkmarx Application Security Guide to Claude Mythos\",\"datePublished\":\"2026-04-13T20:52:30+00:00\",\"dateModified\":\"2026-04-19T06:26:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\"},\"wordCount\":1521,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp\",\"keywords\":[\"Agentic AI\",\"Claude Mythos\",\"security\"],\"articleSection\":[\"AI &amp; LLM Tools in Application Security\",\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\",\"name\":\"Checkmarx Application Security Guide to Claude Mythos\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp\",\"datePublished\":\"2026-04-13T20:52:30+00:00\",\"dateModified\":\"2026-04-19T06:26:34+00:00\",\"description\":\"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp\",\"width\":2000,\"height\":1000},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3bc63fc73f8171237cb6abba15df4536\",\"name\":\"Jonathan Rende\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg\",\"caption\":\"Jonathan Rende\"},\"url\":\"https:\/\/checkmarx.com\/author\/jonathan-rende\/\"}]}<\/script>\n<meta property=\"og:video\" content=\"https:\/\/www.youtube.com\/embed\/B9AJK5LbEds\" \/>\n<meta property=\"og:video:type\" content=\"text\/html\" \/>\n<meta property=\"og:video:duration\" content=\"860\" \/>\n<meta property=\"og:video:width\" content=\"480\" \/>\n<meta property=\"og:video:height\" content=\"270\" \/>\n<meta property=\"ya:ovs:adult\" content=\"false\" \/>\n<meta property=\"ya:ovs:upload_date\" content=\"2026-04-13T20:52:30+00:00\" \/>\n<meta property=\"ya:ovs:allow_embed\" content=\"true\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Checkmarx Application Security Guide to Claude Mythos","description":"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","og_locale":"en_US","og_type":"article","og_title":"Checkmarx Application Security Guide to Claude Mythos","og_description":"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.","og_url":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-04-13T20:52:30+00:00","article_modified_time":"2026-04-19T06:26:34+00:00","og_image":[{"width":2000,"height":1000,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","type":"image\/webp"}],"author":"Jonathan Rende","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Jonathan Rende","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/"},"author":{"name":"Jonathan Rende","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3bc63fc73f8171237cb6abba15df4536"},"headline":"Checkmarx Application Security Guide to Claude Mythos","datePublished":"2026-04-13T20:52:30+00:00","dateModified":"2026-04-19T06:26:34+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/"},"wordCount":1521,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","keywords":["Agentic AI","Claude Mythos","security"],"articleSection":["AI &amp; LLM Tools in Application Security","Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","url":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","name":"Checkmarx Application Security Guide to Claude Mythos","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","datePublished":"2026-04-13T20:52:30+00:00","dateModified":"2026-04-19T06:26:34+00:00","description":"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","width":2000,"height":1000},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3bc63fc73f8171237cb6abba15df4536","name":"Jonathan Rende","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg","caption":"Jonathan Rende"},"url":"https:\/\/checkmarx.com\/author\/jonathan-rende\/"}]},"og_video":"https:\/\/www.youtube.com\/embed\/B9AJK5LbEds","og_video_type":"text\/html","og_video_duration":"860","og_video_width":"480","og_video_height":"270","ya_ovs_adult":"false","ya_ovs_upload_date":"2026-04-13T20:52:30+00:00","ya_ovs_allow_embed":"true"},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=108259"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108259\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108273"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=108259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=108259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":108185,"date":"2026-04-07T08:49:03","date_gmt":"2026-04-07T06:49:03","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=108185"},"modified":"2026-04-07T08:49:06","modified_gmt":"2026-04-07T06:49:06","slug":"stop-manual-triaging-start-agentic-fixing","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/","title":{"rendered":"Stop Manual Triaging, Start\u00a0Agentic Fixing"},"content":{"rendered":"<p>Most security leaders are not struggling because they lack visibility. They are struggling because execution does not scale.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Triage capacity, decision consistency, and remediation throughput are being outpaced by modern development velocity, especially as AI-assisted coding becomes standard practice. The operating environment has changed. There is more code, more change, more dependencies, and more AI tooling.&nbsp;&nbsp;<\/p>\n\n\n\n<p>These conditions are turning manual triage into&nbsp;a governance&nbsp;and audit liability. The only sustainable path forward is to move security decisions&nbsp;and remediation into the pull request. There,&nbsp;risk decisions are documented, fixes are verified, and accountability already exists through governed, reviewable AI-assistance&nbsp;that accelerates execution without surrendering control.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">The\u00a0Reality\u00a0Security\u00a0Executives\u00a0Are\u00a0Living\u00a0In\u00a0<\/h2>\n\n\n\n<p>Security and AppSec leaders are seeing the same pattern\u00a0repeat\u00a0across teams:\u00a0findings\u00a0accumulate, remediation cycles\u00a0aren\u2019t\u00a0keeping pace with\u00a0development,\u00a0and\u00a0audit conversations are becoming more demanding. The reason\u00a0isn\u2019t\u00a0just rising\u00a0expectations, but\u00a0the reality that\u00a0modern software\u00a0delivery\u00a0keeps expanding the attack surface while simultaneously making risk decisions harder to track and standardize. <\/p>\n\n\n\n<p>This\u00a0exposure\u00a0isn\u2019t\u00a0an\u00a0insufficient tooling or coverage\u00a0problem. Application security testing has expanded significantly over the past decade, introducing more scan types, deeper integrations, and great vulnerability visibility. Despite this progress, a consistent pattern remains: organizations often release new software even when they know risk is present, simply because their operating model cannot keep pace with delivery.\u00a0<\/p>\n\n\n\n<p><a href=\"https:\/\/checkmarx.com\/resources\/reports\/appsec-knowledge-gap\/\" target=\"_blank\" rel=\"noreferrer noopener\">Checkmarx\u00a0research\u00a0found that<\/a>\u00a081%\u00a0of organizations\u00a0knowingly shipped vulnerable code, and 98% experiences a breach tied to vulnerable code within the last year. Risk exposure is not cause by a lack of awareness; it&#8217;s a breakdown in execution. As AI-assisted development becomes the norm, that pressure only grows.<\/p>\n\n\n\n<p>Leaders at major software organizations have&nbsp;publicly stated&nbsp;that&nbsp;AI now generates&nbsp;a significant share&nbsp;of their code, with&nbsp;some&nbsp;<a href=\"https:\/\/techcrunch.com\/2025\/04\/29\/microsoft-ceo-says-up-to-30-of-the-companys-code-was-written-by-ai\/\" target=\"_blank\" rel=\"noreferrer noopener\">estimates ranging from 20 to 30 percent of code<\/a>&nbsp;in repositories and more than a quarter of new code.&nbsp;&nbsp;<\/p>\n\n\n\n<p>As software production&nbsp;accelerates,&nbsp;risk&nbsp;enters&nbsp;at the same pace.&nbsp;And when risk enters the system faster&nbsp;than teams can triage&nbsp;it,&nbsp;remediation becomes unpredictable.&nbsp;That unpredictability is what boards and regulators&nbsp;ultimately penalize. Detection has scaled. Execution has not.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">Detection\u00a0Scaled,\u00a0Execution\u00a0Didn\u2019t.\u00a0Now What?\u00a0<\/h2>\n\n\n\n<p>Application security programs have made substantial progress over the last decade. Most enterprises now&nbsp;operate&nbsp;with broad coverage that includes SAST, SCA, CI\/CD integrations, and developer-focused tooling. However, many programs are now over-detecting&nbsp;vulnerabilities&nbsp;relative to their ability to act on findings. This imbalance creates operational friction and weakens overall security outcomes.&nbsp;<\/p>\n\n\n\n<p>The symptoms are consistent across organizations. Triage bottlenecks form as teams struggle to review large volumes of findings. Identical issues are handled differently across teams, creating inconsistency in decision-making. Findings\u00a0remain\u00a0unresolved for extended periods because priority is unclear, or remediation effort is high. Backlogs grow with items that are technically valid but not treated as immediate risk, while other issues are escalated without sufficient context.\u00a0<\/p>\n\n\n\n<p>This dynamic explains why&nbsp;more&nbsp;findings rarely reduce&nbsp;exposure. When everything is flagged,&nbsp;nothing gets fixed.&nbsp;Security leaders&nbsp;feel&nbsp;this as a credibility gap:&nbsp;dashboards show activity, but stakeholders&nbsp;want to know if the organization is&nbsp;getting&nbsp;more secure.&nbsp;That\u2019s&nbsp;a hard&nbsp;question&nbsp;to answer when decision-making is&nbsp;inconsistent,&nbsp;and remediation throughput cannot be predicted.&nbsp;<\/p>\n\n\n\n<p>The\u00a0<a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/218\/final\" target=\"_blank\" rel=\"noreferrer noopener\">NIST Secure Software Development Framework<\/a>\u00a0reinforced this shift,\u00a0by requiring\u00a0organizations to\u00a0document\u00a0how risk decisions are made and demonstrate evidence of secure development practices. Detection alone is not sufficient. Organizations must show that vulnerabilities were evaluated in context and\u00a0resolved\u00a0in a consistent, auditable way.\u00a0\u00a0<\/p>\n\n\n\n<p>Detection is not the end state. Evidence-backed execution is.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">Why\u00a0Manual\u00a0Triage\u00a0Is\u00a0Now a\u00a0Business\u00a0Risk\u00a0<\/h2>\n\n\n\n<p>At enterprise scale, manual triage is no longer simply inefficient.\u00a0When security teams manually interpret findings across hundreds of repositories, inconsistency is inevitable\u00a0and\u00a0becomes\u00a0an operational and governance risk.\u00a0Depending on the team reviewing, identical findings receive completely different treatment. One team immediately remediates, another dismisses it, and\u00a0another\u00a0marks it as accepted risk without a standardized rationale.\u00a0That inconsistency becomes a liability as regulators and auditors increasingly expect organizations to formally\u00a0document how vulnerabilities are categorized and managed. When the answers to basic governance questions vary across the organization, regulators interpret that variability as a lack of control. Who made the decision? What evidence supported it? Which policy\u00a0is\u00a0applied? Without consistent answers, risk exposure becomes unpredictable and difficult to defend.\u00a0\u00a0<\/p>\n\n\n\n<p>These growing expectations arrive precisely when&nbsp;teams are least equipped to meet them.&nbsp;Security teams face ongoing budget pressures and staffing shortages while vulnerability volumes&nbsp;keep rising. Headcount cannot scale in proportion to code volume.&nbsp;&nbsp;Instead, organizations need to scale execution by relying on more consistent, efficient, and automated approaches to vulnerability management.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">The\u00a0Pull\u00a0Request\u00a0Is the\u00a0New\u00a0Control\u00a0Plane\u00a0<\/h2>\n\n\n\n<p>If risk is introduced continuously throughout development, governance must be applied at the point where decisions are actually made.&nbsp;In modern engineering environments, that point is the pull request.&nbsp;<\/p>\n\n\n\n<p>The pull request is where code changes become official:&nbsp;approvals&nbsp;granted, discussions&nbsp;recorded, checks&nbsp;enforced, and ownership is&nbsp;established. It is the&nbsp;<em>only place<\/em>&nbsp;where execution can be&nbsp;observed&nbsp;and governed at the same speed as development.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>Security decisions belong where code is reviewed, approved, and merged, not buried in dashboards and ticketing systems.&nbsp;<\/p>\n\n\n\n<p>&nbsp;Checkmarx\u2019s&nbsp;<strong>Triage Assist<\/strong>&nbsp;and&nbsp;<strong>Remediation Assist<\/strong>&nbsp;operate&nbsp;directly within pull requests, ensuring that risk decisions are made in the same place where change control already exists. The principle is straightforward:&nbsp;if security execution is not visible within the pull&nbsp;request,&nbsp;it&nbsp;cannot be&nbsp;governed.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">From\u00a0Alerts to\u00a0Outcomes:\u00a0What\u00a0Changes\u00a0<\/h2>\n\n\n\n<p>This shift does not&nbsp;eliminate&nbsp;human involvement;&nbsp;It&nbsp;just&nbsp;changes where human judgment is applied. Instead of spending time manually investigating large volumes of findings, teams focus on policy definition, exception handling, and approval.&nbsp;<\/p>\n\n\n\n<p><strong>Triage Assist<\/strong>\u00a0introduces a contextual, risk-based prioritization model that converts scan output into decision-grade outcomes. It evaluates vulnerabilities using attackability-driven analysis, combining reachability, exploitability, and policy context to\u00a0determine\u00a0which issues require action.\u00a0This approach moves triage away from severity-based sorting\u00a0toward context-based decision-making. Findings are classified into clear outcomes such as false positive, acceptable risk, or action\u00a0required, enabling consistent and defensible decisions across teams.\u00a0The shift toward context-driven decisioning aligns with broader industry efforts such as the\u00a0<a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/vulnerability-exploitability-exchange-vex\" target=\"_blank\" rel=\"noreferrer noopener\">Vulnerability Exploitability\u00a0eXchange\u00a0(VEX)<\/a>, which communicates the exploitability of\u00a0a vulnerability in\u00a0context ,\u00a0not simply\u00a0if\u00a0it\u2019s\u00a0present.\u00a0<\/p>\n\n\n\n<p><strong>Remediation Assist<\/strong>&nbsp;addresses the next stage of execution. Once a decision is made, it generates reviewable, merge-ready fixes directly within the pull request workflow. These fixes are delivered as diffs or remediation pull requests that align with existing development processes. Nothing merges automatically; developers review and approve changes as part of their standard workflow, preserving governance while accelerating remediation throughput.&nbsp;<\/p>\n\n\n\n<p>Together,&nbsp;Triage Assist and Remediation Assist&nbsp;transform application security from a process centered on alerts&nbsp;to one&nbsp;focused on outcomes.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">Governed AI,\u00a0Not\u00a0Autonomous\u00a0Chaos\u00a0<\/h2>\n\n\n\n<p>Security leaders&nbsp;don\u2019t&nbsp;need&nbsp;autonomous systems&nbsp;making&nbsp;unchecked changes to code. They need&nbsp;governed&nbsp;execution that improves speed while&nbsp;maintaining&nbsp;control. This distinction&nbsp;matters more&nbsp;as AI expands both development capabilities and&nbsp;the&nbsp;attack surface&nbsp;that comes with it.&nbsp;<\/p>\n\n\n\n<p>New risks, including prompt injection, supply chain manipulation, and excessive agent permissions, require careful control over how AI is used within development workflows. Even systems that include human oversight can introduce risk if decisions are not transparent or if context is incomplete.&nbsp;Industry frameworks such as the&nbsp;<a href=\"https:\/\/owasp.org\/www-project-top-10-for-large-language-model-applications\/\" target=\"_blank\" rel=\"noreferrer noopener\">OWASP Top 10 for Large Language Model Applications<\/a>&nbsp;highlight emerging risks including prompt injection, supply chain manipulation, and excessive agent permissions, reinforcing the need for controlled and explainable execution.&nbsp;<\/p>\n\n\n\n<p><em>Read more:\u00a0<a href=\"https:\/\/checkmarx.com\/blog\/when-the-ai-lies-a-new-threat-emerges-for-human-in-the-loop-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">When the AI Lies: A New Threat Emerges for \u201cHuman-in-the-Loop&#8221; Security<\/a>\u00a0<\/em><\/p>\n\n\n\n<p>A governed approach to AI-driven security execution is\u00a0grounded\u00a0on clear principles. Human review remains mandatory through established approval workflows. Decision rationale is preserved to support auditability. Usage is scoped and controlled across repositories and environments. Automated changes are never merged without review.\u00a0<\/p>\n\n\n\n<p>This model ensures that AI accelerates your execution without also introducing uncontrolled behavior. It aligns with the needs of regulated, audit-driven environments where traceability and accountability are essential.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-7\">What\u00a0Success\u00a0Looks\u00a0Like for\u00a0Security\u00a0Executives\u00a0<\/h2>\n\n\n\n<p>The goal&nbsp;isn\u2019t&nbsp;better&nbsp;visibility alone, but predictable execution with measurable outcomes:&nbsp;reduced time to decision, faster remediation cycles, and smaller vulnerability backlogs. Standardized, evidence-based triage reduces the need to repeatedly evaluate the same issues across teams,&nbsp;which improves both&nbsp;efficiency and consistency.&nbsp;<\/p>\n\n\n\n<p>Higher fix acceptance rates and fewer regressions\u00a0indicate\u00a0that remediation is delivered in ways that fit developer workflows, without destabilizing applications. Consistent outcomes across teams means that governance is being applied systematically rather than left to individual judgement.<\/p>\n\n\n\n<p>Audit readiness matters just as much. Security artifacts must be tied directly to execution, including pull request discussions, approvals, and documented decisions.\u00a0This reduces reliance on retrospective explanations when auditors and boards come asking. These outcomes are becoming more critical as exploitation windows continue to shrink. Vulnerabilities are often exploited shortly after disclosure, which mean delayed triage is no longer a workflow preference. It&#8217;s a business risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-8\">The\u00a0Strategic\u00a0Shift\u00a0<\/h2>\n\n\n\n<p>Security leaders do not need more&nbsp;alerts,&nbsp;they need more finished work. Moving away from manual triage is not about reducing security effort, but&nbsp;about operationalizing security in a way that scales with modern development.&nbsp;<\/p>\n\n\n\n<p>Effective application security requires decisions that are grounded in context, remediation&nbsp;delivered within the development workflow, and governance&nbsp;preserved through auditable processes. This is the shift toward agentic application security, where the gap between how quickly software is created and how quickly risk&nbsp;is&nbsp;understood and mitigated&nbsp;can be&nbsp;closed without slowing innovation.&nbsp;<\/p>\n\n\n\n<p><em>Ready to move from manual triage to scalable, governed execution? Explore Checkmarx&#8217;s <a href=\"https:\/\/checkmarx.com\/the-agentic-ai-buyers-guide\/\">Agentic AI Buyer\u2019s Guide<\/a> to see how leading teams are operationalizing this shift.<\/em><\/p>","protected":false},"excerpt":{"rendered":"<p>Why execution, not detection, is now the defining AppSec challenge.<\/p>\n","protected":false},"author":32,"featured_media":108186,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[1272,1409,1411,1452],"class_list":["post-108185","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-agentic-ai","tag-ai-agents","tag-ai-in-engineering","tag-developer-assist"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Stop Manual Triaging, Start\u00a0Agentic Fixing<\/title>\n<meta name=\"description\" content=\"AI is turning manual triage into\u00a0a governance liability. The only path forward is to move security decisions into the pull request.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stop Manual Triaging, Start\u00a0Agentic Fixing\" \/>\n<meta property=\"og:description\" content=\"AI is turning manual triage into\u00a0a governance liability. The only path forward is to move security decisions into the pull request.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-07T06:49:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-07T06:49:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Rebecca Spiegel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rebecca Spiegel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/\"},\"author\":{\"name\":\"Rebecca Spiegel\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674\"},\"headline\":\"Stop Manual Triaging, Start\u00a0Agentic Fixing\",\"datePublished\":\"2026-04-07T06:49:03+00:00\",\"dateModified\":\"2026-04-07T06:49:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/\"},\"wordCount\":1754,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp\",\"keywords\":[\"Agentic AI\",\"AI Agents\",\"AI in Engineering\",\"developer assist\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/\",\"name\":\"Stop Manual Triaging, Start\u00a0Agentic Fixing\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp\",\"datePublished\":\"2026-04-07T06:49:03+00:00\",\"dateModified\":\"2026-04-07T06:49:06+00:00\",\"description\":\"AI is turning manual triage into\u00a0a governance liability. The only path forward is to move security decisions into the pull request.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp\",\"width\":2560,\"height\":1280,\"caption\":\"Start Agentic Fixing\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674\",\"name\":\"Rebecca Spiegel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg\",\"caption\":\"Rebecca Spiegel\"},\"url\":\"https:\/\/checkmarx.com\/author\/rebecca\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Stop Manual Triaging, Start\u00a0Agentic Fixing","description":"AI is turning manual triage into\u00a0a governance liability. The only path forward is to move security decisions into the pull request.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/","og_locale":"en_US","og_type":"article","og_title":"Stop Manual Triaging, Start\u00a0Agentic Fixing","og_description":"AI is turning manual triage into\u00a0a governance liability. The only path forward is to move security decisions into the pull request.","og_url":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-04-07T06:49:03+00:00","article_modified_time":"2026-04-07T06:49:06+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp","type":"image\/webp"}],"author":"Rebecca Spiegel","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Rebecca Spiegel","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/"},"author":{"name":"Rebecca Spiegel","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674"},"headline":"Stop Manual Triaging, Start\u00a0Agentic Fixing","datePublished":"2026-04-07T06:49:03+00:00","dateModified":"2026-04-07T06:49:06+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/"},"wordCount":1754,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp","keywords":["Agentic AI","AI Agents","AI in Engineering","developer assist"],"articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/","url":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/","name":"Stop Manual Triaging, Start\u00a0Agentic Fixing","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp","datePublished":"2026-04-07T06:49:03+00:00","dateModified":"2026-04-07T06:49:06+00:00","description":"AI is turning manual triage into\u00a0a governance liability. The only path forward is to move security decisions into the pull request.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/stop-manual-triaging-start-agentic-fixing\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Copy-of-Blog-Banner-1.webp","width":2560,"height":1280,"caption":"Start Agentic Fixing"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674","name":"Rebecca Spiegel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg","caption":"Rebecca Spiegel"},"url":"https:\/\/checkmarx.com\/author\/rebecca\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=108185"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108185\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108186"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=108185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=108185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":108007,"date":"2026-04-07T01:00:00","date_gmt":"2026-04-06T23:00:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=zero-post&#038;p=108007"},"modified":"2026-04-01T21:10:33","modified_gmt":"2026-04-01T19:10:33","slug":"same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578","status":"publish","type":"zero-post","link":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","title":{"rendered":"Same Origin, Same Tricks: Bypassing n8n&#8217;s CSP Sandbox (CVE-2026-27578)"},"content":{"rendered":"<style type=\"text\/css\">\n@import url(\"https:\/\/cmxiv.net\/cxzero\/cxzero-blog-styles-inject.extracted.css\");\n@import url(\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/styles\/vs2015.min.css\");\n<\/style>\n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/highlight.min.js\" integrity=\"sha512-EBLzUL8XLl+va\/zAsmXwS7Z2B1F9HUHkZwyS\/VKwh3S7T\/U0nF4BaU29EP\/ZSf6zgiIxYAnKLu6bJ8dqpmX5uw==\" crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\"><\/script>\n<script>hljs.highlightAll();<\/script>\n\n\n\n\n<p class=\"print-source-info\"><script>\n    document.write(\"&copy;&nbsp;Checkmarx, all rights reserved. Retrieved \" + new Date().toLocaleDateString() + \" from<br\/>\" + window.location.href)<\/script>\n    <noscript>This document &copy;&nbsp;Checkmarx, all rights reserved.<\/noscript>\n<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Overview:-Stored-XSS-in-open-source-workflow-platform-n8n\">Overview of CVE-2026-27578: Stored XSS in open-source workflow platform n8n<\/h2>\n\n\n\n<p>Checkmarx Zero has discovered a stored cross-site scripting (XSS) vulnerability (CVE-2026-27578) in <a href=\"https:\/\/github.com\/n8n-io\/n8n\">n8n<\/a>, the popular open-source workflow automation platform. The vulnerability allows an authenticated attacker to bypass n8n&#8217;s existing Content Security Policy (CSP) sandbox protections by abusing the Webhook Response functionality with content types not on the denylist (e.g., <code>image\/svg+xml<\/code>).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Impact\">Impact<\/h3>\n\n\n\n<p>Successful exploitation enables arbitrary JavaScript execution in the context of a victim&#8217;s authenticated n8n session. This can lead to session hijacking, credential theft, and full account takeover.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Affected-Users\">Affected Users<\/h3>\n\n\n\n<p>Users running n8n versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>&lt; 1.123.22<\/code><\/li>\n\n\n\n<li><code>>= 2.0.0 &lt; 2.9.3<\/code><\/li>\n\n\n\n<li><code>>= 2.10.0 &lt; 2.10.1<\/code><\/li>\n<\/ul>\n\n\n\n<p>The issue is tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-27578\">CVE-2026-27578<\/a>(<a href=\"https:\/\/github.com\/n8n-io\/n8n\/security\/advisories\/GHSA-2p9h-rqjw-gm92\">Stored XSS via Various Nodes<\/a>, CVSS=8.5) and was addressed in versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>2.10.1<\/code><\/li>\n\n\n\n<li><code>2.9.3<\/code><\/li>\n\n\n\n<li><code>1.123.22<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Remediation\">Remediation<\/h3>\n\n\n\n<p>The issues have been fixed in n8n versions <code>2.10.1<\/code>, <code>2.9.3<\/code>, and <code>1.123.22<\/code>. Users should upgrade to one of these versions or later to remediate the vulnerability.<\/p>\n\n\n    <div class=\"section-zero-article light-theme\">\n        <div class=\"section-zero-article__wrapper\">\n            <div class=\"section-zero-article__nav-wrapper\">\n\t\t\t\t<div class=\"section-article-title\">Get e-mail updates about new Checkmarx Zero research<\/div>\n                <button class=\"section-article-button\">Subscribe to our newsletter                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/themes\/checkmarx\/assets\/images\/subscribe-zero\/right_up_big.svg\" alt=\"right\">\n                <\/button>\n            <\/div>\n            <img decoding=\"async\" class=\"visual-image\" src=\"https:\/\/checkmarx.com\/wp-content\/themes\/checkmarx\/assets\/images\/subscribe-zero\/visual-article.png\" alt=\"visual\">\n        <\/div>\n    <\/div>\n\t<!-- zero-subscribe-form-modal -->\n<div class=\"modal zero-subscribe-modal\" id=\"zero-subscribe-modal\">\n    <div class=\"modal__overlay modal__header-overlay\" tabindex=\"-1\">\n        <div class=\"modal__container\">\n            <header class=\"modal__header\" tabindex=\"2\">\n                <button class=\"modal__close-zero\" title=\"Close window\" aria-label=\"Close window\"><\/button>\n                <div class=\"section-subscribe\">\n                    <div class=\"section-subscribe__wrap-form\">\n                        <div class=\"section-subscribe__leftPart\">\n                            <div class=\"zero-modal-container\">\n                                <span class=\"zero-modal-container__title\">Never Miss Checkmarx <br> Zero Research Updates.<\/span>\n                                <span class=\"zero-modal-container__description\">Subscribe today!<\/span>\n                            <\/div>\n                            <img decoding=\"async\" class=\"zero-visual\" src=\"https:\/\/checkmarx.com\/wp-content\/themes\/checkmarx\/assets\/images\/subscribe-zero\/cx_zero_subscribe_visual.webp\" alt=\"visual\">\n                        <\/div>\n                        <div class=\"section-subscribe__form hbsp-form form-with-multi-tags-select\">\n                            <script charset=\"utf-8\" type=\"text\/javascript\" src=\"\/\/js.hsforms.net\/forms\/embed\/v2.js\"><\/script>\n                            <script>\n                                hbspt.forms.create({\n                                    region: \"na1\",\n                                    portalId: \"146169\",\n                                    formId: \"fefb6730-994f-41bf-84ae-79460279a306\",\n                                    onFormReady: function ($form) {\n                                        [\n                                            ...document.querySelectorAll('.hs_firstname'),\n                                            ...document.querySelectorAll('.hs_lastname'),\n                                            ...document.querySelectorAll('.hs_company'),\n                                            ...document.querySelectorAll('.hs_jobtitle'),\n                                            ...document.querySelectorAll('.hs-dependent-field')\n                                        ].forEach(elem => elem.style.display = 'none');\n\n\n                                    },\n                                    onFormSubmit: function ($form) {\n                                        document.querySelector('.zero-visual').style.display = 'none';\n                                        document.querySelector('.section-subscribe__leftPart').style.display = 'none';\n                                        document.querySelector('.form-description').style.display = 'none';\n                                        document.querySelector('.section-subscribe__form').style.margin = 0;\n                                        document.querySelector('.section-subscribe__form').style.padding = 0;\n                                        document.querySelector('.section-subscribe').style.minHeight = '132px';\n                                        document.querySelector('.section-subscribe__wrap-form').style.minHeight = '132px';\n                                        document.querySelector('.subscribe-zero-button__description-wrapper')\n                                            .classList\n                                            .add('subscribe-zero-button__description-hide');\n                                    }\n                                });\n                                document.addEventListener('change', (e) => {\n                                    if (e.target.closest('.hs-input')) {\n                                        [\n                                            ...document.querySelectorAll('.hs_firstname'),\n                                            ...document.querySelectorAll('.hs_lastname'),\n                                            ...document.querySelectorAll('.hs_company'),\n                                            ...document.querySelectorAll('.hs_jobtitle'),\n                                            ...document.querySelectorAll('.hs-dependent-field')\n                                        ].forEach(elem => elem.style.display = 'block');\n                                    }\n\n                                })\n                            <\/script>\n                            <p class=\"form-description\">By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the <a href=\"\/legal\/privacy-policy\/\" target=\"_blank\">Checkmarx\u00a0Privacy\u00a0Policy<\/a> and to the processing of my personal data as described therein. By clicking submit above, you consent to allow Checkmarx to store and process the personal information submitted above to provide you the content requested.<\/p>\n                        <\/div>\n                    <\/div>\n                <\/div>\n            <\/header>\n        <\/div>\n    <\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Vulnerability-Drilldown\">n8n CVE-2026-27578 Vulnerability Technical Drilldown<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Introduction\">Introduction<\/h3>\n\n\n\n<p><a href=\"https:\/\/n8n.io\/\"><strong>n8n<\/strong><\/a> is an open-source workflow automation platform that has become one of the most widely adopted tools in its category, with over 178K GitHub stars, and a rapidly growing community of self-hosted and cloud users. It enables developers, DevOps engineers, and increasingly non-technical teams to connect APIs, automate business processes, and build internal tooling through a visual, node-based interface.<\/p>\n\n\n\n<p>Its flexibility is a double-edged sword. n8n workflows can receive external HTTP requests via webhooks, execute arbitrary code, interact with databases, and return custom HTTP responses, all configured through the UI. This power makes n8n a compelling target, especially in multi-user or shared environments.<\/p>\n\n\n\n<p>Checkmarx Zero discovered and responsibly disclosed a Cross-Site Scripting (XSS) vulnerability in some versions of n8n via the \u201c<a href=\"https:\/\/docs.n8n.io\/integrations\/builtin\/core-nodes\/n8n-nodes-base.respondtowebhook\/\">Respond to Webhook<\/a>\u201d node.<\/p>\n\n\n\n<p>n8n&#8217;s maintainers had already recognized the risk of XSS via webhook responses and implemented a mitigation in the form of a \u201cCSP Sandbox\u201d control, attempting to isolate untrusted data from the page. However, the vulnerability Checkmarx Zero uncovered in our research allows attackers to bypass that sandbox and conduct an XSS attack anyway.<\/p>\n\n\n\n<p>We explain below how that mitigation was bypassed, and why the previous underlying design choice, a denylist of dangerous content types, leaves the door open to further abuse.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"High-Level-Flow\">High-Level Flow<\/h3>\n\n\n\n<p>n8n&#8217;s \u201cRespond to Webhook\u201d node allows a workflow author to define a custom HTTP response, including headers, status code, and body, that is returned to the caller when a webhook is triggered.<\/p>\n\n\n\n<p>The problem arises because this response is served <strong>from the n8n application&#8217;s <\/strong><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Origin\"><strong>own origin<\/strong><\/a>. If an attacker can control the response body and <code>Content-Type<\/code> header, and if the browser interprets that response as renderable content, any embedded scripts will execute with full access to the n8n browser context, including cookies, session storage, and the Document Object Model (DOM).<\/p>\n\n\n\n<p>The attack flow is straightforward:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>An authenticated attacker creates (or modifies) a workflow containing a Webhook trigger and a \u201cRespond to Webhook\u201d node.<\/li>\n\n\n\n<li>The response is configured to return a body containing a malicious SVG with embedded JavaScript, and a <code>Content-Type<\/code> of <code>image\/svg+xml<\/code>.<\/li>\n\n\n\n<li>The attacker waits for the privileged user to access the webhook URL from the tampered workflow, or just shares the webhook URL with a victim (a legitimate n8n user or administrator).<\/li>\n\n\n\n<li>When the victim visits the URL in their browser, the SVG is rendered, the JavaScript executes on the n8n origin, and the attacker can exfiltrate session data or perform actions on the victim&#8217;s behalf.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"The-CSP-Sandbox\">The CSP Sandbox<\/h3>\n\n\n\n<p>The <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Guides\/CSP\">Content Security Policy (CSP) header<\/a> is a browser security mechanism that controls how web content behaves and interacts with external resources. The <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Reference\/Headers\/Content-Security-Policy\/sandbox\">CSP\u2019s sandbox directive<\/a> places the requested resource into a restricted environment, similar to the <code>sandbox<\/code> attribute on an <code>&lt;iframe&gt;<\/code>. This allows the developer to add strict limitations on the page&#8217;s capabilities, such as blocking pop-ups, preventing the execution of plugins and scripts, and assigning a <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Origin#opaque_origin\">unique opaque origin<\/a> to the content (effectively restricting access to the original origin resources).<\/p>\n\n\n\n<p>In scenarios like this, where n8n needs to prevent webhook-served content from accessing resources on the same origin (where the &#8220;Respond to Webhook&#8221; node runs), the CSP <code>sandbox<\/code> directive is the way to go.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"The-Existing-Mitigation-and-Why-It-Failed\">The Existing Mitigation and Why It Failed<\/h3>\n\n\n\n<p>n8n&#8217;s developers were aware of the risk. The codebase includes a function called <code>isHtmlRenderedContentType<\/code> that checks the <code>Content-Type<\/code> of a webhook response against a <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/da11043e960518a68facc272ac3bd8368180242f\/packages\/core\/src\/html-sandbox.ts#L19-L25\">denylist of MIME types<\/a> known to be rendered as HTML by browsers. When a match is found, n8n adds a CSP sandbox to the response, which should theoretically protect users from malicious content served through the &#8220;Respond to Webhook&#8221; node.<\/p>\n\n\n\n<p>For example, a response with <code>Content-Type: text\/html<\/code> is correctly intercepted. The CSP sandbox prevents scripts served by the &#8220;Respond to Webhook&#8221; node from accessing resources, such as cookies, that belong to the user on the same origin.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"800\" height=\"418\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427.webp\" alt=\"\" class=\"wp-image-108008\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427.webp 800w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427-300x157.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427-768x401.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427-400x209.webp 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption class=\"wp-element-caption\">A response returned by \u201cResponse to Webhook\u201d node with the header <code>Content-Type: text\/html<\/code><\/figcaption><\/figure>\n<\/div>\n\n\n<p>However, <code>image\/svg+xml<\/code> was not included in this denylist. SVG is a first-class citizen in the browser rendering engine. It is an XML document that is rendered inline as an image, but it supports the full SVG DOM which, critically, can contain <code>&lt;script><\/code> elements that execute JavaScript in the context of the document&#8217;s origin. By setting the response <code>Content-Type<\/code> to <code>image\/svg+xml<\/code> and embedding a script payload in the SVG body, the CSP sandbox was bypassed entirely:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"800\" height=\"582\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449.webp\" alt=\"\" class=\"wp-image-108009\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449.webp 800w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449-300x218.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449-768x559.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449-400x291.webp 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"The-Deeper-Problem:-Denylist-vs.-Allowlist\">The Deeper Problem: Denylist vs. Allowlist<\/h3>\n\n\n\n<p>The SVG bypass is a clear and practical vulnerability, but it is symptomatic of a more fundamental design issue: the use of a denylist to identify dangerous content types.<\/p>\n\n\n\n<p>The old mitigation resides in the <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/21eec59aa43e2a55b6e19f167a4bba0ac8b403cc\/packages\/core\/src\/html-sandbox.ts#L19-L26\">html-sandbox.ts<\/a> file.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"226\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-1024x226.webp\" alt=\"\" class=\"wp-image-108010\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-1024x226.webp 1024w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-300x66.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-768x169.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-400x88.webp 400w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512.webp 1117w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Sandbox is only applied if the <code>Content-Type<\/code> used is one of the above<\/figcaption><\/figure>\n<\/div>\n\n\n<p>A denylist approach requires the developers to anticipate every MIME type a browser might render as executable content, now and in the future. This is a losing game. Browser behavior around content types is complex, inconsistent across vendors, and subject to change. Two areas illustrate this risk:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Content-Type interpretation quirks:<\/strong> Different browsers handle unusual or malformed <code>Content-Type<\/code> values differently, and some of these discrepancies can be exploited to execute scripts. <a href=\"https:\/\/github.com\/BlackFan\/content-type-research\/blob\/master\/XSS.md\">BlackFan&#8217;s content-type research<\/a> catalogs numerous such cases, including types and payloads that trigger XSS across specific browser versions.<\/li>\n\n\n\n<li>\n<strong>MIME type sniffing:<\/strong> Browsers may ignore the declared <code>Content-Type<\/code> header and infer the actual type from the response body. This behavior can cause a response declared as a benign type to be rendered as HTML or script. A detailed treatment of MIME sniffing edge cases is available in <a href=\"https:\/\/aszx87410.github.io\/beyond-xss\/en\/ch5\/mime-sniffing\/\">Huli&#8217;s &#8220;Beyond XSS&#8221; research<\/a>.<\/li>\n<\/ul>\n\n\n\n<p>Any of these edge cases could yield additional bypasses of the denylist. The recommended approach is to replace the denylist with a strict allowlist of known-safe MIME types (for instance, based on <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Guides\/MIME_types\/Common_types\">MDN&#8217;s common MIME types reference<\/a> and the references mentioned above). All content types not explicitly on the allowlist should be treated as potentially dangerous and served within the CSP sandbox.<\/p>\n\n\n\n<p>An even better solution, though, is to simply add the CSP sandbox header to any webhook response returned by the \u201cRespond to Webhook\u201d node. This is the mitigation chosen by the n8n team, as there are no real benefits in having specific webhook responses without the sandbox.<\/p>\n\n\n\n<p>The function <code>isHtmlRenderedContentType<\/code> was removed from <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/062644ef786b6af480afe4a0f12bc6d70040534a\/packages\/core\/src\/html-sandbox.ts\">html-sandbox.ts<\/a>, and now the header is <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/062644ef786b6af480afe4a0f12bc6d70040534a\/packages\/cli\/src\/webhooks\/webhook-request-handler.ts#L138-L144\">set in every response, unless protection is explicitly disabled<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Could-AI-Find-This?\">Could AI have found the n8n CVE-2026-27578?<\/h2>\n\n\n\n<p>The short answer is maybe: it\u2019s possible, but definitely not guaranteed.<\/p>\n\n\n\n<p>As you may know, our team recently conducted a deep dive into zero-day identification using LLMs (<a href=\"https:\/\/checkmarx.com\/zero-post\/learning-about-llm-based-zero-day-hunting-with-claude-codes-opus-4-6\/\">Hunting 0-days with Opus 4.6<\/a>, <a href=\"https:\/\/checkmarx.com\/zero-post\/unearned-confidence-ai-security-reviewers-dont-really-get-it\/\">The Unearned Confidence<\/a>).<\/p>\n\n\n\n<p>One of the techniques we explored was asking Claude to analyze historical CVE patches to determine whether the fix truly resolved the vulnerability, or quietly introduced a new one.<\/p>\n\n\n\n<p>This Stored XSS was one such example. We provided Claude with a previous CVE, its fix, and some additional context:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-25051\">CVE-2026-25051<\/a><\/li>\n\n\n\n<li>The corresponding <a href=\"https:\/\/github.com\/n8n-io\/n8n\/commit\/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9\">commit<\/a> &amp; and full file contents (of those that changed)<\/li>\n<\/ul>\n\n\n\n<p>We did this a few times with different models and got a bunch of different, inconsistent results.<br>Here are just two examples (prompts were identical):<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Opus-4.6---First-Try\">Opus 4.6 &#8211; First Try<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"647\" height=\"289\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503.webp\" alt=\"\" class=\"wp-image-108011\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503.webp 647w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503-300x134.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503-400x179.webp 400w\" sizes=\"(max-width: 647px) 100vw, 647px\" \/><figcaption class=\"wp-element-caption\">First analysis completly miss the vulnerability<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">Opus 4.6 &#8211; Second Try<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"643\" height=\"581\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241.webp\" alt=\"\" class=\"wp-image-108012\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241.webp 643w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241-300x271.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241-332x300.webp 332w\" sizes=\"(max-width: 643px) 100vw, 643px\" \/><figcaption class=\"wp-element-caption\">Opus 4.6\u2019s second analysis was much more accurate<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">Sonnet Analysis<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"732\" height=\"460\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959.webp\" alt=\"\" class=\"wp-image-108013\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959.webp 732w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959-300x189.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959-400x251.webp 400w\" sizes=\"(max-width: 732px) 100vw, 732px\" \/><figcaption class=\"wp-element-caption\">Sonnet analysis was right, but for the wrong reasons<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">So was AI right? Not really&#8230;<\/h3>\n\n\n\n<p>Let\u2019s be clear: the pattern in that code sample, a denylist, is something most security professionals would at least have a gut feeling about. Denylists are notoriously difficult to implement correctly in many contexts, especially when combined with the well-known SVG bypass technique for XSS.<\/p>\n\n\n\n<p>Yet when this <em>single file<\/em> was analyzed by multiple LLMs, the denylist was often not flagged. Even when the same file was analyzed multiple times by the same model, it did not consistently identify the vulnerable pattern. Honestly? We expected it to catch this.<\/p>\n\n\n\n<p>This is another reminder that an autonomous AI agent, operating without a security professional applying critical thinking and domain expertise, is not enough. In some cases, it can even create a false sense of security while real issues remain undetected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Summary\">Summary of n8n CVE-2026-27578<\/h2>\n\n\n\n<p>A CSP sandbox bypass in n8n&#8217;s webhook response handling was found and fixed. The platform&#8217;s existing XSS mitigation relied on a denylist of content types deemed capable of rendering HTML. By responding with <code>Content-Type<\/code>s absent from the denylist but capable of executing JavaScript in the browser, an authenticated attacker could run arbitrary scripts on the n8n origin, leading to session hijacking and account takeover.<\/p>\n\n\n\n<p>Beyond the specific SVG vector, this research highlights the inherent fragility of denylist-based content type filtering. Browser MIME sniffing behavior and cross-browser content type interpretation quirks present an open-ended set of potential bypass vectors.<\/p>\n\n\n\n<p>Organizations running affected versions of n8n should upgrade to <code>2.10.1<\/code>, <code>2.9.3<\/code>, or <code>1.123.22<\/code> immediately.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Responsible-Disclosure-Timeline\">CVE-2026-27578 Responsible Disclosure Timeline<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Date<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Event<\/th>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 10, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Vulnerability reported to the n8n security team.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 11, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Additional context on denylist risks shared with n8n<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 11, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">n8n acknowledged the report &amp; accept it<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 25, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Fix released in n8n <code>2.10.1<\/code>, <code>2.9.3<\/code>, <code>1.123.22<\/code>.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 25, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Published: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-27578\">CVE-2026-27578<\/a> &amp; <a href=\"https:\/\/github.com\/n8n-io\/n8n\/security\/advisories\/GHSA-2p9h-rqjw-gm92\">Advisory<\/a>\n<\/td>\n<\/tr>\n<\/tbody><\/table><\/figure>\n\n\n\n<style type=\"text\/css\">.cxzero-social{margin-top:1em;padding-top:1em;border-top:1px solid #121086;border-bottom:1px solid #121086;padding-bottom:1em}.cxzero-social p{padding-top:.8em}.cxzero-social .cxzero-social-links{margin-left:.8em}.cxzero-social .social-link{margin-left:.6em}.cxzero-social .social-button{padding:.6em;margin:.2em .2em .2em .2em;white-space:nowrap}.cxzero-social .social-button svg,.cxzero-social .social-link svg{vertical-align:middle;height:1.3em}.cxzero-social .social-button a,.cxzero-social .social-link a{text-decoration:none !important}<\/style> <div class=\"cxzero-social\">\n<p> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url={url}\" onload=\"\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"LinkedIn Icon\" viewbox=\"0 0 122.88 122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> Share on LinkedIn<\/a><\/span> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/bsky.app\/intent\/compose?text=I%20just%20read%20%22{title}%22%20from%20Checkmarx%20Zero%20{url}\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Bluesky Icon\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 72.999-134.8-59.239 10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> Share on Bluesky<\/a><\/span> <\/p>\n<p class=\"cxzero-social-links\">Follow <a href=\"\/zero\/\">Checkmarx Zero<\/a>: <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/www.linkedin.com\/showcase\/checkmarx-zero\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"Checkmarx Zero on LinkedIn\" viewbox=\"0 0 122.88 122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-icon\" href=\"https:\/\/bsky.app\/profile\/checkmarxzero.bsky.social\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Checkmarx Zero on Bluesky\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 72.999-134.8-59.239 10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/x.com\/CheckmarxZero\"><svg alt=\"Checkmarx Zero on X\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" viewbox=\"0 0 512 462.799\"><path fill-rule=\"nonzero\" d=\"M403.229 0h78.506L310.219 196.04 512 462.799H354.002L230.261 301.007 88.669 462.799h-78.56l183.455-209.683L0 0h161.999l111.856 147.88L403.229 0zm-27.556 415.805h43.505L138.363 44.527h-46.68l283.99 371.278z\"><\/path><\/svg> <\/a><\/span> <\/p> <script>function social_action_template(a){const b=encodeURIComponent(window.location.href);const c=document.querySelector(\"h1\");let headContent=(c==null?\"\":c.textContent);let processed=a.replace(\/\\{title\\}\/g,encodeURIComponent(headContent));processed=processed.replace(\/\\{url\\}\/g,b);return processed}var socialAction=document.getElementsByClassName(\"social-action\");console.log(socialAction);for(e=0;e<socialAction.length;e++){element=socialAction.item(e);console.log(element);element.href=social_action_template(element.href)};<\/script> <\/div>","protected":false},"excerpt":{"rendered":"<p>A stored XSS in n8n let authenticated attackers bypass webhook sandbox protections and execute JavaScript in a victim\u2019s session. Checkmarx Zero explains how an SVG-based content-type bypass broke a denylist-based defense, why that design was fragile, and what versions fix the issue.<\/p>\n","protected":false},"author":121,"featured_media":108042,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-108007","zero-post","type-zero-post","status-publish","has-post-thumbnail","hentry","zero-category-blog","zero-category-security-blogs","zero-category-security-news","zero-category-technical-blog","zero-tag-bypass","zero-tag-cve","zero-tag-disclosure","zero-tag-n8n","zero-tag-xss"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Same Origin, Same Tricks: Bypassing n8n&#039;s CSP Sandbox (CVE-2026-27578) - Checkmarx<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Same Origin, Same Tricks: Bypassing n8n&#039;s CSP Sandbox (CVE-2026-27578) - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"A stored XSS in n8n let authenticated attackers bypass webhook sandbox protections and execute JavaScript in a victim\u2019s session. Checkmarx Zero explains how an SVG-based content-type bypass broke a denylist-based defense, why that design was fragile, and what versions fix the issue.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\",\"url\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\",\"name\":\"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\",\"datePublished\":\"2026-04-06T23:00:00+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\",\"width\":2560,\"height\":1280,\"caption\":\"A dark, grunge-style illustration about a cybersecurity exploit. It features a large red eye, hooded figures, a spider, a spiderweb, and text 'CVE-2026-27578 XSS Exploit'. Code snippets like `` and `` are visible, along with the 'n8n' logo and 'Webhook Node' diagram. The 'Checkmarx ZERO' logo is in the bottom right.\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","og_locale":"en_US","og_type":"article","og_title":"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx","og_description":"A stored XSS in n8n let authenticated attackers bypass webhook sandbox protections and execute JavaScript in a victim\u2019s session. Checkmarx Zero explains how an SVG-based content-type bypass broke a denylist-based defense, why that design was fragile, and what versions fix the issue.","og_url":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","url":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","name":"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","datePublished":"2026-04-06T23:00:00+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","width":2560,"height":1280,"caption":"A dark, grunge-style illustration about a cybersecurity exploit. It features a large red eye, hooded figures, a spider, a spiderweb, and text 'CVE-2026-27578 XSS Exploit'. Code snippets like `` and `` are visible, along with the 'n8n' logo and 'Webhook Node' diagram. The 'Checkmarx ZERO' logo is in the bottom right."},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post\/108007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108042"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108007"}],"wp:term":[{"taxonomy":"zero-category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-category?post=108007"},{"taxonomy":"zero-tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-tag?post=108007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":108049,"date":"2026-04-02T09:17:00","date_gmt":"2026-04-02T07:17:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=zero-post&#038;p=108049"},"modified":"2026-04-01T21:21:18","modified_gmt":"2026-04-01T19:21:18","slug":"rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02","status":"publish","type":"zero-post","link":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","title":{"rendered":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02)"},"content":{"rendered":"<style type=\"text\/css\">\n@import url(\"https:\/\/cmxiv.net\/cxzero\/cxzero-blog-styles-inject.extracted.css\");\n@import url(\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/styles\/vs2015.min.css\");\n<\/style>\n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/highlight.min.js\" integrity=\"sha512-EBLzUL8XLl+va\/zAsmXwS7Z2B1F9HUHkZwyS\/VKwh3S7T\/U0nF4BaU29EP\/ZSf6zgiIxYAnKLu6bJ8dqpmX5uw==\" crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\"><\/script>\n<script>hljs.highlightAll();<\/script>\n\n\n\n\n<p class=\"print-source-info\"><script>\n    document.write(\"&copy;&nbsp;Checkmarx, all rights reserved. Retrieved \" + new Date().toLocaleDateString() + \" from<br\/>\" + window.location.href)<\/script>\n    <noscript>This document &copy;&nbsp;Checkmarx, all rights reserved.<\/noscript>\n<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"overview-of-the-last-week-in-appsec\">Overview of the Last Week In AppSec<\/h2>\n\n\n\n<p>It was an exciting week for Supply Chain Security: and we mean \u201cexciting\u201d in the \u201cmay you live in interesting times\u201d kind of way.<\/p>\n\n\n\n<p>You almost certainly heard about&nbsp;<a href=\"https:\/\/www.sans.org\/blog\/axios-npm-supply-chain-compromise-malicious-packages-remote-access-trojan\">the Axios compromise that led to remote access trojan installation<\/a>, so we\u2019re not going to discuss that further here. What you might&nbsp;<em>not<\/em>&nbsp;have heard of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Langflow code injection<\/strong>\u00a0CVE from the prior week got added to the CISA KEV (Known Exploited Vulnerabilities) database just days after disclosure.<\/li>\n\n\n\n<li>\n<strong>Telnyx Python framework infected with malware<\/strong>, with a surprising abuse of\u00a0<code>.wav<\/code>\u00a0audio files to conceal malicious payloads.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"langflow-cve-2026-33017-added-to-cisa-kev\">Langflow CVE-2026-33017 added to CISA KEV<\/h2>\n\n\n\n<p>The popular low-code AI and&nbsp;RAG&nbsp;framework&nbsp;<a href=\"https:\/\/www.langflow.org\/\">Langflow<\/a>\u2019s recent&nbsp;<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-33017\">code injection vulnerability<\/a>&nbsp;was&nbsp;<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-33017\">added to the&nbsp;<abbr title=\"Cybersecurity Infrastructure &amp; Security Agency\">CISA<\/abbr>&nbsp;KEV<\/a>&nbsp;(Known Exploited Vulnerabilities) database this past week, demonstrating that this issue from earlier in the week is appetizing to adversaries.<\/p>\n\n\n\n<p>The core issue, as described in&nbsp;<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-33017\">CVE-2026-33017<\/a>, arises because attacker-controlled&nbsp;<code>POST<\/code>&nbsp;requests to&nbsp;<code>\/api\/v1\/build_public_tmp\/{flow_id}\/flow<\/code>&nbsp;endpoints are passed directly to&nbsp;<code>exec()<\/code>&nbsp;without any sandboxing.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody>\n<tr>\n<td><strong>Affected<\/strong><\/td>\n<td>langflow services through (and including) 1.8.2<\/td>\n<\/tr>\n<tr>\n<td><strong>Fixed<\/strong><\/td>\n<td>langflow versions 1.9.0 and newer<\/td>\n<\/tr>\n<\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"telnyx-framework-versions-compromised\">Telnyx framework versions compromised<\/h2>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/pypi.org\/project\/telnyx\/\">telnyx framework<\/a>, a Python framework for handling carrier-grade voice and related functions, was compromised in a supply chain attack last week.<\/p>\n\n\n\n<p>Compromised versions (4.87.1 and 4.87.2) retrieved a spec-valid&nbsp;<code>.wav<\/code>&nbsp;audio file from a remote host (thus avoiding triggering suspicion), which had executable code hidden inside the audio frames. The payload varies, but harvests information from the infected computer and exfiltrates it via an HTTP&nbsp;<code>POST<\/code>&nbsp;to&nbsp;<code>83[.]142[.]209[.]203[:]8080\/<\/code><\/p>\n\n\n\n<p>Fortunately, the community identified and removed the affected versions quickly; but private registries and similar package proxies may retain the compromised revisions, so investigation and response is important.<\/p>\n\n\n\n<details>\n<summary>Checkmarx Malicious Package Identification data for affected versions of telnyx<\/summary><pre><code class=\"language-json\">[\n  {\n    \"type\": \"pypi\",\n    \"name\": \"telnyx\",\n    \"status\": \"SCANNED\",\n    \"version\": \"4.87.1\",\n    \"ioc\": [\n      \"83.142.209.203\"\n    ],\n    \"risks\": [\n      {\n        \"id\": \"097bc3bb508a0d30d69f8fa84fbf7541fd1d42e3\",\n        \"description\": \"This package downloads a harmful file.\\n### About\\n\\nUsing a dynamic analysis environment (also known as a Sandbox) we can monitor filesystem activity such as newly created files within the lifecycle of the code package.\\n\\nOnce new files are created, our technology analyzes each of the newly created files. In case a file is harmful, this risk is shown. \\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/harmful-file-download.png)\",\n        \"title\": \"Harmful File Download\",\n        \"score\": 9\n      },\n      {\n        \"id\": \"53897b25c15efe005b722f26867307ef103445d5\",\n        \"description\": \"This package exfiltrates computer and operating system information\\n### About\\n\\nData exfiltration may be done in numerous ways such as through HTTP requests, DNS tunneling, various webhooks and more. It is common by attackers to try to exfiltrate sensitive information such as:\\n- Credentials\\n- Environment variables\\n- SSH keys\\n- Authentication tokens\\n- Computer and operating system information\\n- Network settings\\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/data-exfiltration.png)\",\n        \"title\": \"Data Exfiltration\",\n        \"score\": 6\n      },\n      {\n        \"id\": \"d2994ee8b15325588d97ca045e8d88e369222f96\",\n        \"description\": \"This package was manually inspected by a security researcher and flagged as malicious\\n### About\\n\\nClassifying malicious packages is an internal process, analysis is done at scale automatically via multiple engines. Once there's a risk suspicion, this is forwarded to a security researcher for a manual evaluation.\\n\\nAttackers take advantage of the excessive trust in the open-source ecosystem and launch software supply chain attacks in the form of code packages.   \\n\\nThe risk of having a package with a malicious payload is high. It's a common behavior for most of the malicious payloads to execute itself automatically upon installing or using the package. \\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/malicious-package.png)\\n\\nWhile some dependency vulnerabilities have the privilege to be kept as known issue due to risk-management, same does not apply in the case of a malicious package, and it should be removed with the highest priority.\",\n        \"title\": \"Malicious Package\",\n        \"score\": 10\n      }\n    ]\n  },\n  {\n    \"type\": \"pypi\",\n    \"name\": \"telnyx\",\n    \"status\": \"SCANNED\",\n    \"version\": \"4.87.2\",\n    \"ioc\": [\n      \"83.142.209.203\"\n    ],\n    \"risks\": [\n      {\n        \"id\": \"4241fa0d0251fb37cf5aa79b09177696a00d429c\",\n        \"description\": \"This package exfiltrates computer and operating system information\\n### About\\n\\nData exfiltration may be done in numerous ways such as through HTTP requests, DNS tunneling, various webhooks and more. It is common by attackers to try to exfiltrate sensitive information such as:\\n- Credentials\\n- Environment variables\\n- SSH keys\\n- Authentication tokens\\n- Computer and operating system information\\n- Network settings\\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/data-exfiltration.png)\",\n        \"title\": \"Data Exfiltration\",\n        \"score\": 6\n      },\n      {\n        \"id\": \"43b4cfb9025057d57e99f5d4deeb3f01e5cc5b3e\",\n        \"description\": \"This package was manually inspected by a security researcher and flagged as malicious\\n### About\\n\\nClassifying malicious packages is an internal process, analysis is done at scale automatically via multiple engines. Once there's a risk suspicion, this is forwarded to a security researcher for a manual evaluation.\\n\\nAttackers take advantage of the excessive trust in the open-source ecosystem and launch software supply chain attacks in the form of code packages.   \\n\\nThe risk of having a package with a malicious payload is high. It's a common behavior for most of the malicious payloads to execute itself automatically upon installing or using the package. \\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/malicious-package.png)\\n\\nWhile some dependency vulnerabilities have the privilege to be kept as known issue due to risk-management, same does not apply in the case of a malicious package, and it should be removed with the highest priority.\",\n        \"title\": \"Malicious Package\",\n        \"score\": 10\n      },\n      {\n        \"id\": \"78aeaedb24de07ca9cdfd93d18d5ee0ad013a773\",\n        \"description\": \"This package downloads a harmful file.\\n### About\\n\\nUsing a dynamic analysis environment (also known as a Sandbox) we can monitor filesystem activity such as newly created files within the lifecycle of the code package.\\n\\nOnce new files are created, our technology analyzes each of the newly created files. In case a file is harmful, this risk is shown. \\n\\n![infographic](https:\/\/checkmarx-scs-cdn.s3.amazonaws.com\/sca\/infographics\/harmful-file-download.png)\",\n        \"title\": \"Harmful File Download\",\n        \"score\": 9\n      }\n    ]\n  }\n]<\/code><\/pre>\n<\/details><br>\n\n\n\n<p>Researchers at JFrog have published a&nbsp;<a href=\"https:\/\/research.jfrog.com\/post\/team-pcp-strikes-again-telnyx-popular-library-hit\/\">very nice technical analysis<\/a>&nbsp;of the malware for those interested in the tactics in use.<\/p>\n\n\n\n<style type=\"text\/css\">.cxzero-social{margin-top:1em;padding-top:1em;border-top:1px solid #121086;border-bottom:1px solid #121086;padding-bottom:1em}.cxzero-social p{padding-top:.8em}.cxzero-social .cxzero-social-links{margin-left:.8em}.cxzero-social .social-link{margin-left:.6em}.cxzero-social .social-button{padding:.6em;margin:.2em .2em .2em .2em;white-space:nowrap}.cxzero-social .social-button svg,.cxzero-social .social-link svg{vertical-align:middle;height:1.3em}.cxzero-social .social-button a,.cxzero-social .social-link a{text-decoration:none !important}<\/style> <div class=\"cxzero-social\">\n<p> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url={url}\" onload=\"\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"LinkedIn Icon\" viewbox=\"0 0 122.88 122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> Share on LinkedIn<\/a><\/span> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/bsky.app\/intent\/compose?text=I%20just%20read%20%22{title}%22%20from%20Checkmarx%20Zero%20{url}\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Bluesky Icon\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 72.999-134.8-59.239 10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> Share on Bluesky<\/a><\/span> <\/p>\n<p class=\"cxzero-social-links\">Follow <a href=\"\/zero\/\">Checkmarx Zero<\/a>: <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/www.linkedin.com\/showcase\/checkmarx-zero\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"Checkmarx Zero on LinkedIn\" viewbox=\"0 0 122.88 122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-icon\" href=\"https:\/\/bsky.app\/profile\/checkmarxzero.bsky.social\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Checkmarx Zero on Bluesky\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 72.999-134.8-59.239 10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/x.com\/CheckmarxZero\"><svg alt=\"Checkmarx Zero on X\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" viewbox=\"0 0 512 462.799\"><path fill-rule=\"nonzero\" d=\"M403.229 0h78.506L310.219 196.04 512 462.799H354.002L230.261 301.007 88.669 462.799h-78.56l183.455-209.683L0 0h161.999l111.856 147.88L403.229 0zm-27.556 415.805h43.505L138.363 44.527h-46.68l283.99 371.278z\"><\/path><\/svg> <\/a><\/span> <\/p> <script>function social_action_template(a){const b=encodeURIComponent(window.location.href);const c=document.querySelector(\"h1\");let headContent=(c==null?\"\":c.textContent);let processed=a.replace(\/\\{title\\}\/g,encodeURIComponent(headContent));processed=processed.replace(\/\\{url\\}\/g,b);return processed}var socialAction=document.getElementsByClassName(\"social-action\");console.log(socialAction);for(e=0;e<socialAction.length;e++){element=socialAction.item(e);console.log(element);element.href=social_action_template(element.href)};<\/script> <\/div>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Two supply-chain stories mattered most this week: Langflow\u2019s recent code-injection flaw was added to CISA\u2019s Known Exploited Vulnerabilities catalog, and the Telnyx Python package compromise showed how quickly trusted developer tooling can become a delivery path for malware. We break down what happened, who should care, and what AppSec and development teams should do next.<\/p>\n","protected":false},"author":137,"featured_media":108050,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-108049","zero-post","type-zero-post","status-publish","has-post-thumbnail","hentry","zero-category-security-blogs","zero-category-security-news","zero-tag-arbitrary-code-execution","zero-tag-langflow","zero-tag-malicious-package","zero-tag-supply-chain-security","zero-tag-telnyx"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"Two supply-chain stories mattered most this week: Langflow\u2019s recent code-injection flaw was added to CISA\u2019s Known Exploited Vulnerabilities catalog, and the Telnyx Python package compromise showed how quickly trusted developer tooling can become a delivery path for malware. We break down what happened, who should care, and what AppSec and development teams should do next.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\",\"url\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\",\"name\":\"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\",\"datePublished\":\"2026-04-02T07:17:00+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp\",\"width\":2560,\"height\":1280,\"caption\":\"A dark, grungy cyber-punk illustration featuring a server with glowing green eyes, a robotic head, a Python snake head, and a skull with red eyes. Text includes 'CVE-2026-33017,' 'TELNYX,' an IP address, and 'Checkmarx ZERO,' all against a backdrop of a dark city and neon green\/purple splatters.\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","og_locale":"en_US","og_type":"article","og_title":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx","og_description":"Two supply-chain stories mattered most this week: Langflow\u2019s recent code-injection flaw was added to CISA\u2019s Known Exploited Vulnerabilities catalog, and the Telnyx Python package compromise showed how quickly trusted developer tooling can become a delivery path for malware. We break down what happened, who should care, and what AppSec and development teams should do next.","og_url":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","url":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/","name":"Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","datePublished":"2026-04-02T07:17:00+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/zero-post\/rapid-exploitation-and-clever-malware-in-the-supply-chain-last-week-in-appsec-2026-04-02\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/lwias-feature_2026-04-02.webp","width":2560,"height":1280,"caption":"A dark, grungy cyber-punk illustration featuring a server with glowing green eyes, a robotic head, a Python snake head, and a skull with red eyes. Text includes 'CVE-2026-33017,' 'TELNYX,' an IP address, and 'Checkmarx ZERO,' all against a backdrop of a dark city and neon green\/purple splatters."},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post\/108049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108050"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108049"}],"wp:term":[{"taxonomy":"zero-category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-category?post=108049"},{"taxonomy":"zero-tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-tag?post=108049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":107906,"date":"2026-03-26T18:02:10","date_gmt":"2026-03-26T16:02:10","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=107906"},"modified":"2026-03-30T10:57:05","modified_gmt":"2026-03-30T08:57:05","slug":"rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/","title":{"rendered":"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0"},"content":{"rendered":"<p>RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security&nbsp;<\/p>\n\n\n\n<p>RSA Conference 2026 has just wrapped in San Francisco.&nbsp;<\/p>\n\n\n\n<p>If&nbsp;you\u2019ve&nbsp;been to enough of these events, you know that while&nbsp;they\u2019re&nbsp;valuable for innovation, connection, and hearing where the industry is headed, they tend to blend into&nbsp;the collective memory of past events&nbsp;after a couple&nbsp;months,&nbsp;with little to distinguish them.&nbsp;<\/p>\n\n\n\n<p><strong>But then&nbsp;there\u2019s&nbsp;the 1%.<\/strong>&nbsp;<\/p>\n\n\n\n<p>The rare moment you recognize&nbsp;immediately&nbsp;when something shifts.&nbsp;<br>Not a gradual step forward, but a leap.&nbsp;When what felt experimental or theoretical suddenly becomes real.&nbsp;<\/p>\n\n\n\n<p><strong>RSAC 2026 felt like one of those moments.<\/strong>&nbsp;<\/p>\n\n\n\n<p>What set this year apart was&nbsp;the emergence of&nbsp;<strong>Agentic AppSec<\/strong>, not as an idea or&nbsp;an&nbsp;experiment,&nbsp;but rather an&nbsp;operational reality&nbsp;already being adopted and executed, as part of&nbsp;the&nbsp;growing recognition that AI-driven development is fundamentally reshaping the software lifecycle&nbsp;\u2013&nbsp;into&nbsp;<a href=\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/goodbye-sdlc-hello-adlc-how-will-appsec-adapt\/\" target=\"_blank\" rel=\"noreferrer noopener\">Agentic Development&nbsp;Lifecycle&nbsp;(ADLC)<\/a>&nbsp;&#8211;&nbsp;&nbsp;and&nbsp;security models that must&nbsp;evolve to&nbsp;support it.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<strong>What Defined This Turning Point&nbsp;in RSAC 2026<\/strong>&nbsp;<\/h2>\n\n\n\n<p>To understand why RSAC 2026 felt so unique, it helps to take a closer look at the themes that consistently&nbsp;emerged&nbsp;across the event.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">From Assistive AI \u2192 Autonomous (Agentic) Security&nbsp;<\/h3>\n\n\n\n<p>The biggest shift:&nbsp;Agents&nbsp;have grown to be&nbsp;more than&nbsp;\u2018assistants\u2019. Security is no longer just&nbsp;assisted&nbsp;by&nbsp;AI&nbsp;&#8211;&nbsp;AI agents increasingly execute it.&nbsp;<\/p>\n\n\n\n<p>Agents are moving from copilots to decision-makers&nbsp;who&nbsp;can investigate, triage, and act.&nbsp;The industry is transitioning from human-paced workflows to&nbsp;<strong>machine-speed security operations<\/strong>.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u201cSecurity for AI\u201d and \u201cSecurity by AI\u201d Converge&nbsp;<\/h3>\n\n\n\n<p>A major theme across sessions:&nbsp;<\/p>\n\n\n\n<p>Organizations must secure AI systems (LLMs, agents, MCPs),&nbsp;while simultaneously using AI to secure software and pipelines.&nbsp;<\/p>\n\n\n\n<p>AppSec is now responsible for both sides of the equation:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Protecting AI-generated code and AI components&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using agents to secure the SDLC,&nbsp;and increasingly, the ADLC&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">The Rise of the Agentic Development Lifecycle (ADLC)&nbsp;<\/h3>\n\n\n\n<p>AI is reshaping how software is written, reviewed, and deployed.&nbsp;Security must adapt to a lifecycle where agents generate,&nbsp;modify, and ship code.&nbsp;<\/p>\n\n\n\n<p><strong>AppSec implication:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Security shifts from left \u2192&nbsp;<strong>everywhere<\/strong>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>From reactive \u2192&nbsp;<strong>embedded into autonomous workflows<\/strong>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Explosion of AI Supply Chain Risk&nbsp;<\/h3>\n\n\n\n<p>RSAC highlighted growing concern around the security risks introduced by new supply chain components and dependencies, such as LLMs, agents, MCP servers, plugins, and AI SDKs.&nbsp;<\/p>\n\n\n\n<p>There is a clear need for visibility (AI-BOM), provenance, and trust in AI components.&nbsp;<\/p>\n\n\n\n<p><strong>AppSec implication:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SBOM is evolving into&nbsp;<strong>AI-BOM<\/strong>&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You now secure not just code dependencies, but AI dependencies&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>AI-Native Security Vendors vs. Legacy Players<\/strong>&nbsp;<\/h3>\n\n\n\n<p>There\u2019s&nbsp;a clear market shift:&nbsp;<\/p>\n\n\n\n<p>The rise of AI-native security companies&nbsp;is&nbsp;challenging traditional vendors.&nbsp;Winning platforms are being rebuilt&nbsp;from the ground up&nbsp;as AI-first, not AI-enhanced.&nbsp;<\/p>\n\n\n\n<p><strong>AppSec implication:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expect consolidation around platforms that embed agents deeply&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Not bolt-on AI features&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Trust, Governance, and Identity Become Foundational<\/strong>&nbsp;<\/h3>\n\n\n\n<p>As agents act autonomously, the question becomes:&nbsp;<\/p>\n\n\n\n<p>Who authorized the agent? What can it do?&nbsp;<\/p>\n\n\n\n<p>Identity and governance are now core security primitives, not add-ons.&nbsp;<\/p>\n\n\n\n<p><strong>AppSec implication:<\/strong>&nbsp;<\/p>\n\n\n\n<p>Security must enforce:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agent identity&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Policy boundaries&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Auditability of decisions&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Taken together, these themes highlight a clear gap: traditional AppSec approaches were not designed for an agentic development lifecycle.&nbsp;<\/p>\n\n\n\n<p><strong>That gap \u2014 and how to close it \u2014 was a central focus of what we introduced, as it raised the question:<\/strong>&nbsp;how do you secure an&nbsp;ecosystem&nbsp;that is&nbsp;agent-driven&nbsp;as much, if not more,&nbsp;than human-driven?&nbsp;&nbsp;<\/p>\n\n\n\n<p>At RSAC 2026, we introduced&nbsp;our new&nbsp;capabilities designed to address exactly that.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" width=\"930\" height=\"673\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-1.webp\" alt=\"\" class=\"wp-image-107932\" style=\"aspect-ratio:1.3818985682338123;width:601px;height:auto\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-1.webp 930w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-1-300x217.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-1-768x556.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-1-808x585.webp 808w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-1-400x289.webp 400w\" sizes=\"(max-width: 930px) 100vw, 930px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<strong>Securing the Agentic Development Lifecycle<\/strong>&nbsp;<\/h2>\n\n\n\n<p>At RSA this year,&nbsp;Checkmarx&nbsp;<a href=\"https:\/\/checkmarx.com\/rsac-2026\/\" target=\"_blank\" rel=\"noreferrer noopener\">unveiled<\/a>&nbsp;a new set of innovations designed to secure the&nbsp;ADLC:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Expansion of&nbsp;the&nbsp;Checkmarx&nbsp;Assist family of agents&nbsp;<\/h3>\n\n\n\n<p>Building on&nbsp;<a href=\"https:\/\/checkmarx.com\/product\/developer-assist\/\" target=\"_blank\" rel=\"noreferrer noopener\">Checkmarx&nbsp;Developer Assist<\/a>, we introduced two new agents:&nbsp;<a href=\"https:\/\/checkmarx.com\/product\/triage-and-remediation\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Triage Assist<\/strong>&nbsp;and&nbsp;<strong>Remediation Assist<\/strong><\/a><strong>,&nbsp;<\/strong>designed to secure the critical post-commit phase. These agents help teams quickly prioritize real risks and fix them efficiently within pull requests (PR), reducing noise and accelerating secure code delivery.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Introducing&nbsp;Checkmarx&nbsp;AI Supply Chain Security&nbsp;<\/h3>\n\n\n\n<p>As organizations increasingly build with AI components,&nbsp;an entirely new layer is introduced into the supply chain, requiring dedicated security to address its unique challenges and risks.&nbsp;<\/p>\n\n\n\n<p>Checkmarx&nbsp;AI&nbsp;Supply Chain Security&nbsp;provides&nbsp;<strong>full visibility and risk assessment across the AI stack<\/strong>. With a centralized inventory and AI-BOM covering MCP servers, LLMs, AI agents, SDKs, and more, teams can move fast with AI, without losing control over security.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SAST AI and DAST for AI&nbsp;&nbsp;<\/h3>\n\n\n\n<p>Checkmarx&nbsp;enhanced its two core security engines to support AI-powered SAST scanning across&nbsp;virtually any&nbsp;programming language, helping organizations future-proof their technology adoption. In parallel, we strengthened our DAST engine to deliver runtime protection aligned with the realities of AI-driven and \u201cvibe coding\u201d development.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Risk Orchestration within ASPM&nbsp;<\/h3>\n\n\n\n<p>Checkmarx&nbsp;also announced a new and enhanced risk management and visibility solution&nbsp;across applications, projects, and repositories to improve decision-making, reduce noise, and highlight critical vulnerabilities.&nbsp;<\/p>\n\n\n\n<p>Agent identity&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Policy boundaries&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Auditability of decisions&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>the tooling landscape must evolve to keep pace with the speed of AI-driven development. The shift is no longer about \u201cAI in AppSec,\u201d but about AppSec itself becoming&nbsp;an entirely different paradigm &#8211;&nbsp;agentic, autonomous, and continuous by design.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" width=\"922\" height=\"687\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-2.webp\" alt=\"\" class=\"wp-image-107933\" style=\"aspect-ratio:1.342087525276481;width:642px;height:auto\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-2.webp 922w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-2-300x224.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-2-768x572.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-2-785x585.webp 785w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/CX-RSAC-2-400x298.webp 400w\" sizes=\"(max-width: 922px) 100vw, 922px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">Closing Notes&nbsp;<\/h2>\n\n\n\n<p>The idea that \u201cAppSec is becoming agentic\u201d goes beyond a shift in tooling \u2014 it reflects a fundamentally&nbsp;different way&nbsp;of working with and understanding application security.&nbsp;<\/p>\n\n\n\n<p><strong>AppSec is changing its DNA.<\/strong>&nbsp;<\/p>\n\n\n\n<p>That is why, compared to 2025, this year\u2019s event was overwhelmingly focused on AI and Agentic Application Security, with a clear emphasis on how&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security&nbsp; RSA Conference 2026 has just wrapped in San Francisco.&nbsp; If&nbsp;you\u2019ve&nbsp;been to enough of these events, you know that while&nbsp;they\u2019re&nbsp;valuable for innovation, connection, and hearing where the industry is headed, they tend to blend into&nbsp;the collective memory of past events&nbsp;after a couple&nbsp;months,&nbsp;with little [&hellip;]<\/p>\n","protected":false},"author":143,"featured_media":107921,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284,85,84,1424,1283],"tags":[1510,1272,1509,1506,1507,1508],"class_list":["post-107906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-llm-tools-in-application-security","category-application-security-trends","category-blog","category-checkmarx-one","category-checkmarx-product-use-cases-guides","tag-adlc","tag-agentic-ai","tag-agentic-appsec","tag-conferences","tag-rsac","tag-rsac-2026"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0<\/title>\n<meta name=\"description\" content=\"Agentic security took center stage at RSAC 2026. Explore the key themes that defined the event and what they mean for securing the AI development lifecycle\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0\" \/>\n<meta property=\"og:description\" content=\"Agentic security took center stage at RSAC 2026. Explore the key themes that defined the event and what they mean for securing the AI development lifecycle\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-26T16:02:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-30T08:57:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Eran Kinsbruner\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Eran Kinsbruner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/\"},\"author\":{\"name\":\"Eran Kinsbruner\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/0e5df47a6fb9c1bc0e0b31ef6cfd41fa\"},\"headline\":\"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0\",\"datePublished\":\"2026-03-26T16:02:10+00:00\",\"dateModified\":\"2026-03-30T08:57:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/\"},\"wordCount\":1088,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp\",\"keywords\":[\"ADLC\",\"Agentic AI\",\"Agentic AppSec\",\"conferences\",\"RSAC\",\"RSAC 2026\"],\"articleSection\":[\"AI &amp; LLM Tools in Application Security\",\"Application Security Trends &amp; Insights\",\"Blog\",\"Checkmarx One\",\"Checkmarx Product News, Use Cases &amp; Guides\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/\",\"name\":\"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp\",\"datePublished\":\"2026-03-26T16:02:10+00:00\",\"dateModified\":\"2026-03-30T08:57:05+00:00\",\"description\":\"Agentic security took center stage at RSAC 2026. Explore the key themes that defined the event and what they mean for securing the AI development lifecycle\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp\",\"width\":2560,\"height\":1280},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/0e5df47a6fb9c1bc0e0b31ef6cfd41fa\",\"name\":\"Eran Kinsbruner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Eran-Kinsbruner-avatar-150x150.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Eran-Kinsbruner-avatar-150x150.jpg\",\"caption\":\"Eran Kinsbruner\"},\"description\":\"Enterprise Product Marketing Executive. Recognized thought leader, board advisor to stealth companies, researcher, inventor, and best-selling author of four books. Expertise in B2B SAAS, AI, observability, DevOps, and software quality.\",\"url\":\"https:\/\/checkmarx.com\/author\/erankinsbruner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0","description":"Agentic security took center stage at RSAC 2026. Explore the key themes that defined the event and what they mean for securing the AI development lifecycle","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/","og_locale":"en_US","og_type":"article","og_title":"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0","og_description":"Agentic security took center stage at RSAC 2026. Explore the key themes that defined the event and what they mean for securing the AI development lifecycle","og_url":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-03-26T16:02:10+00:00","article_modified_time":"2026-03-30T08:57:05+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp","type":"image\/webp"}],"author":"Eran Kinsbruner","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Eran Kinsbruner","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/"},"author":{"name":"Eran Kinsbruner","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/0e5df47a6fb9c1bc0e0b31ef6cfd41fa"},"headline":"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0","datePublished":"2026-03-26T16:02:10+00:00","dateModified":"2026-03-30T08:57:05+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/"},"wordCount":1088,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp","keywords":["ADLC","Agentic AI","Agentic AppSec","conferences","RSAC","RSAC 2026"],"articleSection":["AI &amp; LLM Tools in Application Security","Application Security Trends &amp; Insights","Blog","Checkmarx One","Checkmarx Product News, Use Cases &amp; Guides"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/","url":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/","name":"RSAC 2026 Marked a Turning Point for AppSec. The Reason \u2013 Agentic Security\u00a0","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp","datePublished":"2026-03-26T16:02:10+00:00","dateModified":"2026-03-30T08:57:05+00:00","description":"Agentic security took center stage at RSAC 2026. Explore the key themes that defined the event and what they mean for securing the AI development lifecycle","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/rsac-2026-marked-a-turning-point-for-appsec-the-reason-agentic-security\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-1-1.webp","width":2560,"height":1280},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/0e5df47a6fb9c1bc0e0b31ef6cfd41fa","name":"Eran Kinsbruner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Eran-Kinsbruner-avatar-150x150.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Eran-Kinsbruner-avatar-150x150.jpg","caption":"Eran Kinsbruner"},"description":"Enterprise Product Marketing Executive. Recognized thought leader, board advisor to stealth companies, researcher, inventor, and best-selling author of four books. Expertise in B2B SAAS, AI, observability, DevOps, and software quality.","url":"https:\/\/checkmarx.com\/author\/erankinsbruner\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/143"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=107906"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107906\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/107921"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=107906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=107906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=107906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":107874,"date":"2026-03-25T19:03:01","date_gmt":"2026-03-25T17:03:01","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=107874"},"modified":"2026-03-25T19:06:12","modified_gmt":"2026-03-25T17:06:12","slug":"why-vulnerability-detection-doesnt-scale","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/","title":{"rendered":"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0"},"content":{"rendered":"<p>Most AppSec teams are not&nbsp;failing to detect&nbsp;risk.&nbsp;They\u2019re&nbsp;just&nbsp;failing to remediate&nbsp;it fast enough.&nbsp;<\/p>\n\n\n\n<p>Security programs now find more vulnerabilities than they can fix, and remediation&nbsp;hasn\u2019t&nbsp;kept pace with how fast teams ship code. AI-generated code has made that gap worse, adding volume and complexity faster than security processes have adapted.&nbsp;<\/p>\n\n\n\n<p>Coverage has&nbsp;expanded,&nbsp;scanning is continuous, and visibility is no longer the bottleneck&nbsp;\u2013&nbsp;but the ability to act on that visibility at scale&nbsp;hasn\u2019t&nbsp;kept up. Backlogs&nbsp;grow,&nbsp;MTTR stays stubbornly high, and the same classes of vulnerabilities reappear across releases, even as detection improves.&nbsp;<\/p>\n\n\n\n<p>The gap&nbsp;isn\u2019t&nbsp;that security teams lack maturity.&nbsp;It\u2019s&nbsp;that AppSec was never built to&nbsp;operate&nbsp;at&nbsp;this scale.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">Detection&nbsp;Has&nbsp;Scaled. Execution&nbsp;Has&nbsp;Not.&nbsp;<\/h2>\n\n\n\n<p>A growing share of&nbsp;<a href=\"https:\/\/www.forbes.com\/sites\/tonybradley\/2025\/07\/29\/the-hidden-costs-of-ignoring-application-security\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">organizations now acknowledge shipping software with known vulnerabilities<\/a>&nbsp;to keep delivery moving&nbsp;But&nbsp;the pace of exploitation is accelerating at the same time.&nbsp;Research shows that the average time to exploit newly disclosed vulnerabilities has dropped dramatically in recent years, with attackers increasingly weaponizing vulnerabilities within days of disclosure and sometimes within hours.&nbsp;In 2025, nearly&nbsp;<a href=\"https:\/\/www.forbes.com\/sites\/tonybradley\/2025\/07\/29\/the-hidden-costs-of-ignoring-application-security\" target=\"_blank\" rel=\"noreferrer noopener\">one-third of known exploited vulnerabilities were exploited on or before the day they were publicly&nbsp;disclosed<\/a>, leaving&nbsp;organizations&nbsp;little time to evaluate and remediate risk.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The&nbsp;distance&nbsp;between discovery and remediation is no longer&nbsp;a&nbsp;theoretical&nbsp;chasm. It is operational, measurable, and increasingly visible to boards, regulators, and customers.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">Detection Solved Visibility, Not Outcomes&nbsp;<\/h2>\n\n\n\n<p>For more than a decade, AppSec investments focused on improving detection&nbsp;\u2013&nbsp;and that&nbsp;initially&nbsp;worked.&nbsp;Coverage expanded across proprietary code and open-source&nbsp;dependencies,&nbsp;scanning became faster, findings became&nbsp;richer,&nbsp;&nbsp;and&nbsp;dashboards&nbsp;and reporting&nbsp;improved. But&nbsp;risk&nbsp;outcomes&nbsp;did not.&nbsp;<\/p>\n\n\n\n<p>Security teams now&nbsp;operate&nbsp;in an environment where visibility is&nbsp;abundant,&nbsp;but action is constrained. Thousands of findings accumulate without clear prioritization, causing analysts&nbsp;to&nbsp;spend hours&nbsp;validating&nbsp;reachability and exploitability.&nbsp;At the same time, developers receive findings without enough context to determine what actually matters.&nbsp;Different teams&nbsp;end up&nbsp;making&nbsp;different decisions on identical&nbsp;issues&nbsp;and the&nbsp;result is a system that knows&nbsp;more&nbsp;but&nbsp;fixes&nbsp;less.&nbsp;<\/p>\n\n\n\n<p>This mismatch is&nbsp;becoming more pronounced as&nbsp;AI continues to accelerate&nbsp;development&nbsp;velocity.&nbsp;Leaders at major software organizations have&nbsp;publicly stated&nbsp;that&nbsp;a s<a href=\"https:\/\/unanswered.io\/guide\/how-much-of-googles-code-is-written-by-ai\" target=\"_blank\" rel=\"noreferrer noopener\">ignificant portion&nbsp;of new code is now generated with AI&nbsp;assistance<\/a>&nbsp;and&nbsp;only&nbsp;reviewed by engineers before release.&nbsp;<\/p>\n\n\n\n<p>More code, shipped faster, means more potential risk, and more risk requires more capacity to remediate, not just more capacity to detect.&nbsp;Detection surfaced the problem. It&nbsp;didn&#8217;t&nbsp;solve it.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">The Execution Gap Is the New AppSec Bottleneck&nbsp;<\/h2>\n\n\n\n<p>The execution&nbsp;gap&nbsp;is not a single failure point, but&nbsp;the accumulation of small inefficiencies that compound at scale.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Triage still depends on human judgment&nbsp;that gets repeated inconsistently across teams, with prioritization varying based on who happens to review a given finding.&nbsp;Fix guidance is&nbsp;often&nbsp;advisory, leaving developers to interpret and implement solutions themselves.&nbsp;And&nbsp;governance&nbsp;tends to&nbsp;exist&nbsp;in policy&nbsp;documents instead&nbsp;of&nbsp;the workflows where decisions are actually made.&nbsp;Individually, these issues are manageable. At AI-scale, they become&nbsp;systemic, thereby compounding&nbsp;AppSec&nbsp;challenges, not because teams&nbsp;lack&nbsp;tools, but because the system connecting detection to action is inconsistent. When execution varies, risk becomes unpredictable&nbsp;and&nbsp;auditability degrades. When workflows depend on manual interpretation, service-level commitments&nbsp;become&nbsp;unenforceable.&nbsp;<\/p>\n\n\n\n<p>&nbsp;What looks like a technical problem is, at its core, actually an operational one.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">The&nbsp;Pull Request Is the Only Place Execution Can Scale<\/h2>\n\n\n\n<p>For years, AppSec findings have flowed into tickets, dashboards, and reports \u2013&nbsp;but that\u2019s not where&nbsp;fix&nbsp;decisions get made.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Execution happens&nbsp;in&nbsp;the pull request,&nbsp;where code is reviewed, discussed, approved, and merged. It is where context exists,&nbsp;accountability is enforced, and&nbsp;decisions are recorded by default.&nbsp;Pull requests can be configured to block merges until required checks pass, including security scanning results.&nbsp;&nbsp;<\/p>\n\n\n\n<p>In practice, this means remediation decisions and risk acceptance already occur in the pull request workflow, whether security teams formally recognize it or not.&nbsp;So why&nbsp;are&nbsp;security&nbsp;decisions&nbsp;still being made outside of this workflow?&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">From Detection to Decision Infrastructure&nbsp;<\/h2>\n\n\n\n<p>Modern AppSec needs a system that can turn findings into decisions. Not every vulnerability is exploitable; some represent real, reachable risk, others are false positives, and others fall within acceptable risk thresholds depending on context. Today, this distinction is made manually and inconsistently.<\/p>\n\n\n\n<p>Decision infrastructure changes that. It classifies findings with reasoning, distinguishes between what must be fixed and what can be deprioritized, and surfaces those decisions directly in the pull request. It enables guided, reviewable remediation that is aligned with how the application actually works.<\/p>\n\n\n\n<p>The industry has largely moved toward context-driven prioritization, with modern vulnerability management frameworks emphasizing exploitability and real-world impact over severity scores alone. But translating detection signals into actionable risk decisions requires decision infrastructure, and without it, the value of detection is incomplete.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">Where Triage and Remediation Actually Happen&nbsp;<\/h2>\n\n\n\n<p>Modern AppSec programs are beginning to embed agentic workflows directly in the pull request, delivering security decisions and fixes where code is actually reviewed and merged.&nbsp;Checkmarx&nbsp;One&nbsp;is&nbsp;built&nbsp;on&nbsp;this&nbsp;model.<strong>&nbsp;<\/strong><a href=\"https:\/\/checkmarx.com\/product\/triage-and-remediation\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Triage<\/strong><\/a><strong>&nbsp;<\/strong><a href=\"https:\/\/checkmarx.com\/product\/triage-and-remediation\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Assist<\/strong><\/a>&nbsp;addresses&nbsp;the first execution bottleneck: deciding what&nbsp;requires&nbsp;immediate&nbsp;action.&nbsp;It evaluates findings using contextual analysis to&nbsp;determine&nbsp;whether a vulnerability is reachable, exploitable, and relevant within the application environment. Instead of presenting developers with raw scan output, it produces decision-ready outcomes that&nbsp;identify&nbsp;which&nbsp;issues must be&nbsp;fixed, deferred, and&nbsp;or&nbsp;represent acceptable risk under policy.&nbsp;<\/p>\n\n\n\n<p>This shift replaces manual triage queues with consistent, evidence-based decision logic that can be applied across repositories, teams, and applications. Decisions become standardized, rationale becomes&nbsp;visible&nbsp;and governance becomes enforceable.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/checkmarx.com\/product\/triage-and-remediation\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Remediation Assist<\/strong><\/a>&nbsp;addresses the second execution bottleneck: turning decisions into completed work. Once an issue is identified as requiring action, remediation guidance is delivered directly in the pull request as a reviewable code change that aligns with the&nbsp;application\u2019s&nbsp;frameworks and dependencies. Developers evaluate the proposed fix using their existing review process, preserving accountability and control while accelerating resolution. Human approval&nbsp;remains&nbsp;mandatory,&nbsp;but&nbsp;developers&nbsp;don\u2019t&nbsp;need to&nbsp;start from scratch&nbsp;when addressing security issues. The path from detection to remediation becomes shorter, more predictable, and easier to govern.&nbsp;<\/p>\n\n\n\n<p>Together, these capabilities transform the pull request into a true execution layer for application security. Risk decisions are made where code changes&nbsp;occur,&nbsp;fixes are delivered where developers work,&nbsp;and evidence is recorded where auditors expect it.&nbsp;&nbsp;<\/p>\n\n\n\n<p>And this approach scales.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-7\">Why Governance Must Be Embedded, Not Enforced Later&nbsp;<\/h2>\n\n\n\n<p>When governance exists outside the workflow, it is optional by default. It relies on teams remembering to follow it, interpreting it correctly, and applying it consistently. At scale, that approach breaks down.&nbsp;<\/p>\n\n\n\n<p>But when governance is embedded in execution, it becomes part of how work gets done.&nbsp;This principle is increasingly reflected in secure software development standards.&nbsp;Frameworks such as the NIST Secure Software Development Framework emphasize the importance of&nbsp;maintaining&nbsp;evidence and artifacts that&nbsp;demonstrate&nbsp;how security decisions were made and implemented throughout the&nbsp;development&nbsp;lifecycle.&nbsp;<\/p>\n\n\n\n<p>That requirement changes&nbsp;what AppSec governance actually means.&nbsp;&nbsp;Policy alone&nbsp;isn\u2019t&nbsp;sufficient; what matters is documented execution that preserves human oversight, where prioritization criteria are applied consistently, remediation is scoped and controlled, and decisions are captured automatically without&nbsp;additional&nbsp;administrative&nbsp;overhead. This&nbsp;is&nbsp;the difference between policy and control.&nbsp;Triage and remediation capabilities built directly into development workflows&nbsp;don&#8217;t&nbsp;replace decision-making,&nbsp;they structure it, bringing prioritization, reasoning, and fix guidance into the pull request where decisions are already happening.&nbsp;The result is&nbsp;governed&nbsp;execution, not autonomous remediation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-8\">What Changes When Execution Is Operationalized&nbsp;<\/h2>\n\n\n\n<p>When execution is built into the workflow, the system begins to behave differently.&nbsp;<\/p>\n\n\n\n<p>Manual triage effort drops because classification is no longer repeated across teams. Time to&nbsp;decision&nbsp;shrinks because context and reasoning are already available. Remediation becomes more consistent because developers are not guessing what matters or how to fix it. Risk acceptance becomes explicit, not implied. Auditability improves because decisions are captured as part of normal development activity.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Perhaps most&nbsp;importantly, the relationship between security and engineering changes.&nbsp;When developers receive clear, contextualized guidance in the pull request,&nbsp;security stops being perceived as noise and starts being seen as actionable&nbsp;input, reducing friction.&nbsp;The conversation shifts from asking why a finding exists to deciding what action should be taken.&nbsp;<\/p>\n\n\n\n<p>This shift is increasingly necessary as development complexity grows.\u00a0Software\u00a0supply chain risk, third-party dependencies, and AI-assisted development are expanding the attack surface faster than traditional workflows can keep pace. <\/p>\n\n\n\n<p><a href=\"https:\/\/www.techradar.com\/pro\/security\/software-supply-chain-attacks-pose-huge-dangers-heres-how-to-bolster-your-defenses\" target=\"_blank\" rel=\"noreferrer noopener\">Recent reporting<\/a>\u00a0shows\u00a0that\u00a0most\u00a0organizations have experienced supply chain attacks within the past year, reinforcing the need for consistent, scalable remediation processes.\u00a0\u00a0By adopting this approach, AppSec can scale effectively without requiring a proportional increase in headcount.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-9\">The Necessary&nbsp;Shift&nbsp;to Agentic AppSec&nbsp;<\/h2>\n\n\n\n<p>Detection is table stakes\u00a0in 2026.\u00a0The organizations that optimize detection alone will continue to generate more findings than they can act on. Backlogs will\u00a0grow\u00a0and the\u00a0gap\u00a0between visibility and execution will\u00a0widen. Security teams will remain overwhelmed, and risk decisions will remain inconsistent.\u00a0\u00a0<\/p>\n\n\n\n<p>The organizations that operationalize execution will close that&nbsp;gap.&nbsp;They will make&nbsp;decisions&nbsp;where work happens. They will standardize how those decisions are made. They will embed governance into the workflow instead of enforcing it after the fact.&nbsp;And&nbsp;they will measure success not by how much they find, but by how much they&nbsp;fix.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This shift is&nbsp;defining modern, agentic&nbsp;application security.&nbsp;<\/p>\n\n\n\n<p>Read the next article:&nbsp;<a href=\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\">Attackability: Why Context, Not Reachability, Should Drive Remediation<\/a><\/p>\n\n\n\n<p>Learn how modern AppSec teams prioritize vulnerabilities based on reachability, exploitability, and real-world impact to reduce noise and focus remediation where it matters most.&nbsp;<\/p>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>The execution gap that is quietly breaking modern AppSec programs.<\/p>\n","protected":false},"author":32,"featured_media":107877,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[1272,1409,1429,87],"class_list":["post-107874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-agentic-ai","tag-ai-agents","tag-ai-generated-code-2","tag-appsec"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0<\/title>\n<meta name=\"description\" content=\"AppSec gap\u00a0aren&#039;t because\u00a0that security teams lack maturity.\u00a0It\u2019s\u00a0because AppSec was never built to\u00a0operate\u00a0at\u00a0AI-scale.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0\" \/>\n<meta property=\"og:description\" content=\"AppSec gap\u00a0aren&#039;t because\u00a0that security teams lack maturity.\u00a0It\u2019s\u00a0because AppSec was never built to\u00a0operate\u00a0at\u00a0AI-scale.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-25T17:03:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-25T17:06:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2240\" \/>\n\t<meta property=\"og:image:height\" content=\"1260\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Rebecca Spiegel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rebecca Spiegel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/\"},\"author\":{\"name\":\"Rebecca Spiegel\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674\"},\"headline\":\"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0\",\"datePublished\":\"2026-03-25T17:03:01+00:00\",\"dateModified\":\"2026-03-25T17:06:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/\"},\"wordCount\":1866,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp\",\"keywords\":[\"Agentic AI\",\"AI Agents\",\"AI generated code\",\"AppSec\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/\",\"name\":\"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp\",\"datePublished\":\"2026-03-25T17:03:01+00:00\",\"dateModified\":\"2026-03-25T17:06:12+00:00\",\"description\":\"AppSec gap\u00a0aren't because\u00a0that security teams lack maturity.\u00a0It\u2019s\u00a0because AppSec was never built to\u00a0operate\u00a0at\u00a0AI-scale.\u00a0\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp\",\"width\":2240,\"height\":1260,\"caption\":\"Detection doesn't scale\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674\",\"name\":\"Rebecca Spiegel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg\",\"caption\":\"Rebecca Spiegel\"},\"url\":\"https:\/\/checkmarx.com\/author\/rebecca\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0","description":"AppSec gap\u00a0aren't because\u00a0that security teams lack maturity.\u00a0It\u2019s\u00a0because AppSec was never built to\u00a0operate\u00a0at\u00a0AI-scale.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/","og_locale":"en_US","og_type":"article","og_title":"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0","og_description":"AppSec gap\u00a0aren't because\u00a0that security teams lack maturity.\u00a0It\u2019s\u00a0because AppSec was never built to\u00a0operate\u00a0at\u00a0AI-scale.\u00a0","og_url":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-03-25T17:03:01+00:00","article_modified_time":"2026-03-25T17:06:12+00:00","og_image":[{"width":2240,"height":1260,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp","type":"image\/webp"}],"author":"Rebecca Spiegel","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Rebecca Spiegel","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/"},"author":{"name":"Rebecca Spiegel","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674"},"headline":"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0","datePublished":"2026-03-25T17:03:01+00:00","dateModified":"2026-03-25T17:06:12+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/"},"wordCount":1866,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp","keywords":["Agentic AI","AI Agents","AI generated code","AppSec"],"articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/","url":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/","name":"Why Vulnerability Detection\u00a0Doesn\u2019t\u00a0Scale\u00a0\u00a0","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp","datePublished":"2026-03-25T17:03:01+00:00","dateModified":"2026-03-25T17:06:12+00:00","description":"AppSec gap\u00a0aren't because\u00a0that security teams lack maturity.\u00a0It\u2019s\u00a0because AppSec was never built to\u00a0operate\u00a0at\u00a0AI-scale.\u00a0","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/why-vulnerability-detection-doesnt-scale\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Photocentric-Work-from-Anywhere-Blog-Banner-1.webp","width":2240,"height":1260,"caption":"Detection doesn't scale"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674","name":"Rebecca Spiegel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg","caption":"Rebecca Spiegel"},"url":"https:\/\/checkmarx.com\/author\/rebecca\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=107874"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107874\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/107877"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=107874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=107874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=107874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":107714,"date":"2026-03-24T17:30:14","date_gmt":"2026-03-24T15:30:14","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=107714"},"modified":"2026-03-25T19:02:43","modified_gmt":"2026-03-25T17:02:43","slug":"attackability-why-context-not-reachability-should-drive-remediation","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/","title":{"rendered":"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0"},"content":{"rendered":"<p>For years, reachability has been the security industry\u2019s go-to approach for vulnerability prioritization.&nbsp;Instead of flagging every vulnerable dependency, the idea was to determine whether an application could actually reach the vulnerable function.&nbsp;This marked&nbsp;a meaningful&nbsp;step forward in&nbsp;application security, shifting focus to code that&nbsp;executes&nbsp;in production.&nbsp;<\/p>\n\n\n\n<p><strong>But reachability is not exploitability.&nbsp;<\/strong>A function can be reachable and still pose no practical risk if it sits behind authentication, processes only trusted inputs, or is mitigated by runtime controls. Reachability confirms that code can run, not that an attacker can abuse it.&nbsp;<\/p>\n\n\n\n<p>Modern software development requires more than execution analysis.&nbsp;<\/p>\n\n\n\n<p>Checkmarx&nbsp;Triage Agent addresses this&nbsp;head on&nbsp;with&nbsp;<em>Attackability<\/em>:&nbsp;AI-driven triage that traces attacker-controlled inputs from real ingress points to potential impact and verifies which controls prevent exploitation&nbsp;\u2013&nbsp;and which do not.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The result is triage based on&nbsp;demonstrated&nbsp;exploitability, not theoretical reachability.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">What Reachability Actually Tells You&nbsp;<\/h2>\n\n\n\n<p>Most SCA tools define reachability at the function level:&nbsp;is there a path from your code to the vulnerable function? If yes, the finding is flagged as reachable. If not,&nbsp;it&#8217;s&nbsp;deprioritized.&nbsp;<\/p>\n\n\n\n<p>That\u2019s&nbsp;useful, but&nbsp;it\u2019s&nbsp;also incomplete.&nbsp;Here\u2019s&nbsp;what reachability&nbsp;doesn\u2019t&nbsp;tell you:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Whether the input reaching that function is attacker-controlled, or only comes from trusted internal sources&nbsp;<\/li>\n\n\n\n<li>Whether&nbsp;there&#8217;s&nbsp;a real ingress point (a public API, a webhook, a file upload) that a real attacker could use&nbsp;<\/li>\n\n\n\n<li>Whether required preconditions exist, like a specific protocol behavior or a privileged network position&nbsp;<\/li>\n\n\n\n<li>Whether controls on the path, such as a safe parser, an authentication check, or an allowlist, already break the exploit chain&nbsp;<\/li>\n\n\n\n<li>What the actual impact would be: RCE, data exposure, privilege escalation, or something else<\/li>\n<\/ul>\n\n\n\n<p>A finding can be technically reachable yet completely unexploitable in production.&nbsp;When that happens, engineering&nbsp;time&nbsp;is wasted&nbsp;for no&nbsp;reason, and&nbsp;real risk competes for attention.&nbsp;<\/p>\n\n\n\n<p>Security teams&nbsp;don\u2019t&nbsp;need to know \u201ccan this function run?\u201d&nbsp;they need to know&nbsp;\u201c<strong>can an attacker exploit this in our application, given our ingress points, our controls, and our runtime environment?\u201d<\/strong>&nbsp;<\/p>\n\n\n\n<p>That\u2019s&nbsp;the difference between reachability and&nbsp;attackability.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">How&nbsp;Attackability&nbsp;Works&nbsp;<\/h2>\n\n\n\n<p>Checkmarx&nbsp;Triage Assist&nbsp;introduces&nbsp;Attackability: AI-driven triage that traces attacker-controlled input from real ingress points to&nbsp;potential&nbsp;impact,&nbsp;and&nbsp;validates&nbsp;which controls prevent exploitation and which do not.&nbsp;<\/p>\n\n\n\n<p>Attackability&nbsp;follows a consistent five-step flow regardless of the scanner type:&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<strong>Identify&nbsp;the vulnerable capability and candidate sink.<\/strong>&nbsp;Confirm what the vulnerable library, pattern, or API surface is, and form&nbsp;an initial&nbsp;hypothesis about how exploitation would occur.&nbsp;<\/li>\n\n\n\n<li>\n<strong>Prove or disprove a real execution path.<\/strong>&nbsp;Trace whether the vulnerable code path is reachable in the repository, including direct calls, indirect framework behavior, and configuration-driven invocation.&nbsp;<\/li>\n\n\n\n<li>\n<strong>Validate&nbsp;attacker control and real ingress.<\/strong>&nbsp;Identify&nbsp;how data enters the system (API endpoints, file uploads, queues, webhooks, scheduled jobs) and whether an external attacker can&nbsp;actually influence&nbsp;the data that reaches the sink.&nbsp;<\/li>\n\n\n\n<li>\n<strong>Validate&nbsp;controls and preconditions.<\/strong>&nbsp;Check whether security controls apply on the relevant path: safe parsing, allowlists, auth boundaries, sanitization, runtime hardening. Document any required preconditions, such as a MITM position or specific deployment settings.&nbsp;<\/li>\n\n\n\n<li>\n<strong>Conclude exploitability and explain impact.<\/strong>&nbsp;Give a clear verdict (exploitable, not exploitable, or risk accepted with rationale),&nbsp;state&nbsp;the concrete impact, and provide a minimal-disruption remediation<\/li>\n<\/ol>\n\n\n\n<p>This moves the conversation from \u201cis this reachable?\u201d to \u201cis this exploitable?\u201d&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">Not Just&nbsp;for&nbsp;SCA&nbsp;<\/h2>\n\n\n\n<p>Attackability&nbsp;isn\u2019t&nbsp;limited to dependency&nbsp;finding;&nbsp;it&nbsp;applies&nbsp;the same&nbsp;reasoning&nbsp;across&nbsp;most&nbsp;scanner types.&nbsp;<\/p>\n\n\n\n<p>For&nbsp;<strong>SAST findings<\/strong>, it connects a detected code pattern to a real exploit chain by asking whether&nbsp;there&#8217;s&nbsp;a genuinely attacker-controlled source, whether the data flow reaches a dangerous sink, and whether controls on the path already prevent exploitation. A tainted data flow that never crosses an authentication boundary, or&nbsp;that&#8217;s&nbsp;constrained by an allowlist, can be reachable in code without being attackable in production.&nbsp;<\/p>\n\n\n\n<p>For&nbsp;<strong>IaC&nbsp;and cloud misconfigurations<\/strong>, it evaluates whether a configuration issue is externally accessible and whether it creates a realistic path to impact, factoring in exposure surfaces, identity controls, and network controls.&nbsp;<\/p>\n\n\n\n<p>For&nbsp;<strong>container findings<\/strong>, it assesses whether a vulnerable package is used at runtime, whether the container runs with elevated privileges, and whether the affected&nbsp;component&nbsp;is exposed through a reachable service.&nbsp;<\/p>\n\n\n\n<p>For&nbsp;<strong>secrets&nbsp;detection<\/strong>, it evaluates whether the credential is valid, scoped, and exposed in a way an attacker can&nbsp;actually leverage, factoring in repository visibility, rotation state, and downstream blast radius.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">What Makes the Output Credible&nbsp;<\/h2>\n\n\n\n<p>The&nbsp;Attackability&nbsp;data&nbsp;is useful precisely because&nbsp;it\u2019s&nbsp;verifiable. It includes concrete code references showing how the library or sink is used, a path narrative describing the chain from ingress to sink to impact (including where the chain breaks if the finding&nbsp;isn&#8217;t&nbsp;exploitable), explicit control validation, and a precise impact statement.&nbsp;<\/p>\n\n\n\n<p>This&nbsp;matters&nbsp;more than triage speed. It means developers can see exactly how the issue is triggered and what minimal change breaks the chain. It means risk acceptance decisions are documented with&nbsp;evidence, so security and engineering teams are&nbsp;aligning on&nbsp;facts (not assumptions).&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">Reachability Is&nbsp;Just&nbsp;a Starting Point&nbsp;<\/h2>\n\n\n\n<p>Reachability made&nbsp;vulnerability&nbsp;data&nbsp;more relevant.&nbsp;But&nbsp;reachability&nbsp;is not enough.&nbsp;<\/p>\n\n\n\n<p>Checkmarx&nbsp;Triage Assist\u2019s&nbsp;Attackability&nbsp;adds attacker context, environmental context, and control validation, turning a reachability result into something a team can&nbsp;actually make&nbsp;a decision on.&nbsp;<\/p>\n\n\n\n<p><em>Ready to go deeper? Read the\u00a0<a href=\"https:\/\/checkmarx.com\/the-agentic-ai-buyers-guide\/\"><strong>Agentic AI Buyer\u2019s Guide<\/strong><\/a> to understand what separates decision-grade triage from theoretical analysis or watch the\u00a0<a href=\"https:\/\/checkmarx.com\/product\/triage-and-remediation\/#video\">Checkmarx\u00a0Triage Assist demo video<\/a> to see\u00a0Attackability\u00a0in action.<\/em><\/p>","protected":false},"excerpt":{"rendered":"<p>Reachability is not exploitability.\u00a0Modern software development requires more than execution analysis.<\/p>\n","protected":false},"author":32,"featured_media":107715,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[1272,455,1429,412,1452],"class_list":["post-107714","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-agentic-ai","tag-ai","tag-ai-generated-code-2","tag-checkmarx-one","tag-developer-assist"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0<\/title>\n<meta name=\"description\" content=\"Reachability is not exploitability.\u00a0AppSec needs Attackability, triage based on\u00a0demonstrated\u00a0exploitability, not theoretical reachability.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0\" \/>\n<meta property=\"og:description\" content=\"Reachability is not exploitability.\u00a0AppSec needs Attackability, triage based on\u00a0demonstrated\u00a0exploitability, not theoretical reachability.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-24T15:30:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-25T17:02:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Rebecca Spiegel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rebecca Spiegel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\"},\"author\":{\"name\":\"Rebecca Spiegel\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674\"},\"headline\":\"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0\",\"datePublished\":\"2026-03-24T15:30:14+00:00\",\"dateModified\":\"2026-03-25T17:02:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\"},\"wordCount\":1079,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp\",\"keywords\":[\"Agentic AI\",\"AI\",\"AI generated code\",\"checkmarx one\",\"developer assist\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\",\"url\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\",\"name\":\"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp\",\"datePublished\":\"2026-03-24T15:30:14+00:00\",\"dateModified\":\"2026-03-25T17:02:43+00:00\",\"description\":\"Reachability is not exploitability.\u00a0AppSec needs Attackability, triage based on\u00a0demonstrated\u00a0exploitability, not theoretical reachability.\u00a0\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp\",\"width\":2560,\"height\":1280,\"caption\":\"Attackability vs. Reachability\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674\",\"name\":\"Rebecca Spiegel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg\",\"caption\":\"Rebecca Spiegel\"},\"url\":\"https:\/\/checkmarx.com\/author\/rebecca\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0","description":"Reachability is not exploitability.\u00a0AppSec needs Attackability, triage based on\u00a0demonstrated\u00a0exploitability, not theoretical reachability.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/","og_locale":"en_US","og_type":"article","og_title":"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0","og_description":"Reachability is not exploitability.\u00a0AppSec needs Attackability, triage based on\u00a0demonstrated\u00a0exploitability, not theoretical reachability.\u00a0","og_url":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-03-24T15:30:14+00:00","article_modified_time":"2026-03-25T17:02:43+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp","type":"image\/webp"}],"author":"Rebecca Spiegel","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Rebecca Spiegel","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/"},"author":{"name":"Rebecca Spiegel","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674"},"headline":"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0","datePublished":"2026-03-24T15:30:14+00:00","dateModified":"2026-03-25T17:02:43+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/"},"wordCount":1079,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp","keywords":["Agentic AI","AI","AI generated code","checkmarx one","developer assist"],"articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/","url":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/","name":"Attackability: Why Context, Not Reachability, Should Drive Remediation\u00a0","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp","datePublished":"2026-03-24T15:30:14+00:00","dateModified":"2026-03-25T17:02:43+00:00","description":"Reachability is not exploitability.\u00a0AppSec needs Attackability, triage based on\u00a0demonstrated\u00a0exploitability, not theoretical reachability.\u00a0","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/ai-llm-tools-in-application-security\/reachability-was-a-breakthrough-but-now-its-not-enough\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_4_.webp","width":2560,"height":1280,"caption":"Attackability vs. Reachability"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/a3ab30b42e891e3562aa46a70bbb0674","name":"Rebecca Spiegel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_32.jpg","caption":"Rebecca Spiegel"},"url":"https:\/\/checkmarx.com\/author\/rebecca\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=107714"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107714\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/107715"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=107714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=107714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=107714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":107564,"date":"2026-03-24T17:09:32","date_gmt":"2026-03-24T15:09:32","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=107564"},"modified":"2026-03-24T17:11:27","modified_gmt":"2026-03-24T15:11:27","slug":"checkmarx-dast-for-the-ai-coding-era","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/","title":{"rendered":"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed"},"content":{"rendered":"<p>DAST is suddenly on everyone\u2019s mind \u2013 and for good reason.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Most DAST tools were designed for a world where release cycles were measured in&nbsp;months&nbsp;and penetration testing happened once a year. That model made sense when development moved slowly enough for episodic security reviews to provide meaningful coverage.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Then AI accelerated everything, with&nbsp;AI coding assistants compressing&nbsp;weeks of work into hours.&nbsp;<\/p>\n\n\n\n<p>The gap between how fast applications&nbsp;are&nbsp;being built and how quickly they can be validated is exactly&nbsp;where risk lives. Runtime validation has moved from a nice-to-have to a foundational part of any serious application security program.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The question is no longer whether to implement DAST. It is whether your DAST can&nbsp;keep pace with how&nbsp;fast&nbsp;your teams are building.&nbsp;<\/p>\n\n\n\n<p>Checkmarx&nbsp;has been investing&nbsp;and&nbsp;adapting in&nbsp;runtime security&nbsp;<a href=\"https:\/\/checkmarx.com\/blog\/shift-everywhere-with-checkmarx-one-and-dast\/\" target=\"_blank\" rel=\"noreferrer noopener\">since 2023,<\/a>&nbsp;well before AI-driven development made it&nbsp;a&nbsp;market-wide&nbsp;priority.&nbsp;So,&nbsp;when AI&nbsp;fundamentally&nbsp;changed&nbsp;the pace of software development,&nbsp;we&nbsp;didn\u2019t&nbsp;need to retrofit our approach&nbsp;\u2013 because we&nbsp;were already&nbsp;building&nbsp;for this moment.&nbsp;<\/p>\n\n\n\n<p>The result is the next generation of&nbsp;Checkmarx&nbsp;DAST: runtime security designed to move at AI speed.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<strong>Why Traditional DAST&nbsp;Can\u2019t&nbsp;Keep Pace<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Legacy DAST often depends on heavy&nbsp;<strong>infrastructure&nbsp;setup<\/strong>. Scanning internal applications can require&nbsp;firewall&nbsp;changes, VPN access, security exceptions, or container deployments. These dependencies introduce approval cycles and coordination overhead that simply&nbsp;don\u2019t&nbsp;align with applications being built in days or hours.&nbsp;&nbsp;That model may work for annual testing, but it breaks down completely when security needs to run continuously in your CI\/CD pipeline.&nbsp;<\/p>\n\n\n\n<p><strong>Configuration&nbsp;<\/strong>adds another layer of friction. Authentication scripting, scan tuning, and policy setup frequently&nbsp;require specialized&nbsp;expertise. When onboarding takes longer than development itself, coverage gaps become inevitable.&nbsp;<\/p>\n\n\n\n<p>Even when scanning runs successfully,&nbsp;<strong>context<\/strong>&nbsp;is often fragmented. If SAST and DAST operate in separate systems, teams must manually reconcile findings, deduplicate issues, and correlate risk. That overhead slows remediation and reduces the practical value of runtime testing.&nbsp;<\/p>\n\n\n\n<p>In short, traditional DAST&nbsp;wasn\u2019t&nbsp;built for continuous, developer-driven workflows. It was built for episodic&nbsp;pen&nbsp;testing. And in the AI era,&nbsp;this&nbsp;security creates exposure.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<strong>Runtime Validation Is Now Foundational<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Runtime testing has become a core&nbsp;component&nbsp;of modern application security programs.&nbsp;<\/p>\n\n\n\n<p>In fact, according to the&nbsp;<a href=\"https:\/\/checkmarx.com\/report-future-of-appsec-2025\/\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Future of AppSec<\/em><\/a>&nbsp;report, DAST adoption increased 24% year over year, with 47% of organizations now deploying DAST&nbsp;\u2013&nbsp;up from 38% the previous year. The reason is clear:&nbsp;<a href=\"https:\/\/checkmarx.com\/blog\/unifying-sast-and-dast-the-key-to-fostering-fearless-innovation\/\" target=\"_blank\" rel=\"noreferrer noopener\">static analysis alone&nbsp;isn\u2019t&nbsp;enough to secure<\/a>&nbsp;dynamic, API-driven, AI-assisted applications.&nbsp;<\/p>\n\n\n\n<p>Many vulnerabilities, such as&nbsp;business logic flaws, authentication weaknesses, and configuration errors only&nbsp;emerge&nbsp;when applications are running.&nbsp;So,&nbsp;validating&nbsp;behavior in live environments is no longer optional;&nbsp;it\u2019s&nbsp;essential.&nbsp;<\/p>\n\n\n\n<p>The conversation has shifted from&nbsp;<em>whether<\/em>&nbsp;to implement DAST to&nbsp;<em>how<\/em>&nbsp;to implement it effectively&nbsp;without slowing development.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">\n<strong>Why Runtime Validation Matters in the AI Era<\/strong>&nbsp;<\/h2>\n\n\n\n<p>AI-generated code increases productivity,&nbsp;but it also introduces&nbsp;new&nbsp;risks. Large language models (LLMs)&nbsp;generate functional code, yet they lack full business context and architectural awareness. At higher velocity, human review becomes more constrained.&nbsp;<\/p>\n\n\n\n<p>SAST&nbsp;remains&nbsp;critical for&nbsp;identifying&nbsp;vulnerabilities in source code before deployment. But it does not verify how an application behaves once it is running,&nbsp;especially in environments with complex authentication, APIs, client-side logic, and layered infrastructure.&nbsp;<\/p>\n\n\n\n<p>DAST provides&nbsp;that validation.&nbsp;<\/p>\n\n\n\n<p>By simulating real-world attacker behavior against live applications, it&nbsp;identifies&nbsp;issues that only appear under&nbsp;real operating&nbsp;conditions.&nbsp;<\/p>\n\n\n\n<p>Static analysis shows you what the code is. Runtime validation&nbsp;and DAST&nbsp;show you how it behaves. <strong>Modern application security requires both.<\/strong>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">\n<strong>How&nbsp;Does&nbsp;Checkmarx&nbsp;DAST Solve This?<\/strong>&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Complete AppSec in One Platform<\/strong><\/h3>\n\n\n\n<p>Checkmarx&nbsp;DAST is built natively within&nbsp;Checkmarx&nbsp;One, delivering unified SAST and DAST findings&nbsp;in&nbsp;a single&nbsp;platform.&nbsp;DAST vulnerabilities&nbsp;are incorporated into&nbsp;a unified&nbsp;risk scoring, enabling faster triage and&nbsp;eliminating&nbsp;duplicate effort.&nbsp;<\/p>\n\n\n\n<p>It is true platform integration&nbsp;with&nbsp;shared context from code to runtime.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Live API scanning further strengthens coverage. REST, SOAP, and\u00a0gRPC\u00a0endpoints are tested dynamically, and APIs discovered by both SAST and DAST are\u00a0consolidated\u00a0into one unified inventory.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Production-Ready in Minutes<\/h3>\n\n\n\n<p>Traditional DAST adoption has been slowed by infrastructure and configuration barriers.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Checkmarx&nbsp;DAST removes them.&nbsp;<\/p>\n\n\n\n<p>Teams can begin scanning&nbsp;immediately&nbsp;without complex network reconfiguration or custom authentication scripting through:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Pre-configured tunneling<\/strong>&nbsp;for secure internal application scanning<\/li>\n\n\n\n<li>\n<strong>Advanced authentication support<\/strong>&nbsp;with guided setup and MFA validation<\/li>\n\n\n\n<li>\n<strong>Pre-built templates<\/strong>&nbsp;that simplify configuration&nbsp;<\/li>\n\n\n\n<li>\n<strong>Direct CI\/CD integration&nbsp;<\/strong>for continuous testing<\/li>\n<\/ul>\n\n\n\n<p>What once required weeks&nbsp;to set up&nbsp;now&nbsp;can be done in&nbsp;minutes.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Designed for Developer Workflows<\/strong>&nbsp;<\/h3>\n\n\n\n<p>With legacy tools, teams file networking tickets, wait for authentication scripts, and manually reconcile findings before deployment.&nbsp;<\/p>\n\n\n\n<p>With&nbsp;Checkmarx&nbsp;DAST, scanning is configured quickly, authentication is&nbsp;validated&nbsp;through guided workflows, and SAST and DAST findings appear together with correlated risk scoring. Developers receive actionable feedback directly within their pipeline and deploy confidently&nbsp;without introducing bottlenecks.&nbsp;<\/p>\n\n\n\n<p>Security moves with development, not against it.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Runtime Validation You Can Trust<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Checkmarx&nbsp;DAST validates live applications and uncovers vulnerabilities that only&nbsp;emerge&nbsp;at runtime. Because it&nbsp;operates&nbsp;within a unified platform, findings are correlated with SAST results to reduce false positives and improve prioritization.&nbsp;<\/p>\n\n\n\n<p>The result is&nbsp;accurate,&nbsp;actionable&nbsp;runtime security&nbsp;without added friction.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\"><strong>Here\u2019s&nbsp;What&nbsp;Makes&nbsp;Checkmarx&nbsp;DAST Different<\/strong><\/h2>\n\n\n\n<p>Checkmarx&nbsp;DAST stands apart because it is:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Integrated seamlessl<\/strong>y&nbsp;within&nbsp;Checkmarx&nbsp;One,&nbsp;not&nbsp;acquired&nbsp;technology stitched together&nbsp;&nbsp;<\/li>\n\n\n\n<li>\n<strong>Infrastructure-light,<\/strong>&nbsp;eliminating&nbsp;complex agent and network requirements<\/li>\n\n\n\n<li>\n<strong>Comprehensive in scope<\/strong>, covering full web applications and APIs<\/li>\n\n\n\n<li>\n<strong>Enterprise-grade<\/strong>, while&nbsp;remaining&nbsp;accessible to development teams<\/li>\n<\/ul>\n\n\n\n<p>It is built on the proven ZAP foundation with commercial-grade enhancements.&nbsp;The&nbsp;<a href=\"https:\/\/checkmarx.com\/press-releases\/checkmarx-joins-forces-with-zap-to-supercharge-dynamic-application-security-testing-dast-for-the-enterprise-and-enhance-community-growth\/\" target=\"_blank\" rel=\"noreferrer noopener\">Checkmarx-ZAP collaboration<\/a>&nbsp;enables&nbsp;open-source innovation&nbsp;alongside&nbsp;enterprise reliability and scalability.&nbsp;&nbsp;<\/p>\n\n\n\n<p>In fact, ZAP project leaders Simon Bennetts, Rick Mitchell, and Ricardo Pereira joined&nbsp;Checkmarx&nbsp;to help build the next generation of our enterprise-grade DAST offering, while continuing to invest in the open-source ZAP project and grow its global community.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">\n<strong>Getting Started<\/strong>&nbsp;<\/h2>\n\n\n\n<p><strong>Existing&nbsp;Checkmarx&nbsp;customers<\/strong>: Professional and Enterprise plans include DAST. Essentials customers can add DAST to their existing subscription.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>New customers<\/strong>: See the unified&nbsp;Checkmarx&nbsp;One platform in action and discover how DAST integrates seamlessly with SAST for complete code-to-runtime security.&nbsp;<\/p>\n\n\n\n<p>You can also&nbsp;tune into our&nbsp;DAST&nbsp;webinar&nbsp;to see it in action&nbsp;<a href=\"https:\/\/checkmarx.com\/the-future-of-dast\/\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-7\">\n<strong>What\u2019s Next<\/strong>&nbsp;<\/h2>\n\n\n\n<p>The shift is already underway.&nbsp;According to&nbsp;the&nbsp;Future of&nbsp;AppSec report,&nbsp;DAST&nbsp;adoption grew&nbsp;24% year over year&nbsp;\u2013&nbsp;not because security teams suddenly discovered runtime testing, but because the old model of annual pen tests and periodic scans no longer provide meaningful coverage. Teams building with AI-generated&nbsp;codeneed&nbsp;security that moves on the same timeline.&nbsp;<\/p>\n\n\n\n<p>Checkmarx&nbsp;DAST is built for that reality: unified&nbsp;with SAST&nbsp;on&nbsp;a single platform, deployable in minutes, and designed to work within developer workflows rather than around them.&nbsp;<\/p>\n\n\n\n<p>If you are an existing&nbsp;Checkmarx&nbsp;customer, DAST is already included in Professional and Enterprise plans. Essentials customers can add it to their current&nbsp;subscription&nbsp;and new&nbsp;customers can&nbsp;see it in action at our&nbsp;upcoming&nbsp;webinar.&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>The question is no longer whether to implement DAST. It is whether your DAST can keep pace with how fast your teams are building.<\/p>\n","protected":false},"author":84,"featured_media":107567,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284,84,1292],"tags":[1272,87,1470],"class_list":["post-107564","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-llm-tools-in-application-security","category-blog","category-dast","tag-agentic-ai","tag-appsec","tag-dast"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed<\/title>\n<meta name=\"description\" content=\"The question is not whether or not to implement DAST. It is whether your DAST can\u00a0keep pace with how\u00a0fast\u00a0your teams are building.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed\" \/>\n<meta property=\"og:description\" content=\"The question is not whether or not to implement DAST. It is whether your DAST can\u00a0keep pace with how\u00a0fast\u00a0your teams are building.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-24T15:09:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-24T15:11:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_-1024x512.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Avi Hein\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Avi Hein\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/\"},\"author\":{\"name\":\"Avi Hein\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\"},\"headline\":\"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed\",\"datePublished\":\"2026-03-24T15:09:32+00:00\",\"dateModified\":\"2026-03-24T15:11:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/\"},\"wordCount\":1404,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp\",\"keywords\":[\"Agentic AI\",\"AppSec\",\"dast\"],\"articleSection\":[\"AI &amp; LLM Tools in Application Security\",\"Blog\",\"DAST\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/\",\"name\":\"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp\",\"datePublished\":\"2026-03-24T15:09:32+00:00\",\"dateModified\":\"2026-03-24T15:11:27+00:00\",\"description\":\"The question is not whether or not to implement DAST. It is whether your DAST can\u00a0keep pace with how\u00a0fast\u00a0your teams are building.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp\",\"width\":2560,\"height\":1280,\"caption\":\"Agentic AI DAST\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\",\"name\":\"Avi Hein\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"caption\":\"Avi Hein\"},\"url\":\"https:\/\/checkmarx.com\/author\/avihein\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed","description":"The question is not whether or not to implement DAST. It is whether your DAST can\u00a0keep pace with how\u00a0fast\u00a0your teams are building.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/","og_locale":"en_US","og_type":"article","og_title":"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed","og_description":"The question is not whether or not to implement DAST. It is whether your DAST can\u00a0keep pace with how\u00a0fast\u00a0your teams are building.","og_url":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-03-24T15:09:32+00:00","article_modified_time":"2026-03-24T15:11:27+00:00","og_image":[{"width":1024,"height":512,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_-1024x512.webp","type":"image\/webp"}],"author":"Avi Hein","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Avi Hein","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/"},"author":{"name":"Avi Hein","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79"},"headline":"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed","datePublished":"2026-03-24T15:09:32+00:00","dateModified":"2026-03-24T15:11:27+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/"},"wordCount":1404,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp","keywords":["Agentic AI","AppSec","dast"],"articleSection":["AI &amp; LLM Tools in Application Security","Blog","DAST"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/","url":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/","name":"Checkmarx DAST for the AI Coding Era: Runtime Security at Machine Speed","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp","datePublished":"2026-03-24T15:09:32+00:00","dateModified":"2026-03-24T15:11:27+00:00","description":"The question is not whether or not to implement DAST. It is whether your DAST can\u00a0keep pace with how\u00a0fast\u00a0your teams are building.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-dast-for-the-ai-coding-era\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/Blog-Banner-_3_.webp","width":2560,"height":1280,"caption":"Agentic AI DAST"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79","name":"Avi Hein","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","caption":"Avi Hein"},"url":"https:\/\/checkmarx.com\/author\/avihein\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=107564"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107564\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/107567"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=107564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=107564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=107564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}},{"id":107865,"date":"2026-03-24T12:19:33","date_gmt":"2026-03-24T10:19:33","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=107865"},"modified":"2026-04-03T20:19:05","modified_gmt":"2026-04-03T18:19:05","slug":"checkmarx-security-update","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/","title":{"rendered":"Checkmarx Security Update"},"content":{"rendered":"<p><strong>Last Updated April 2, 2026<\/strong><\/p>\n\n\n\n<p>On March 23, 2026, Checkmarx identified a cybersecurity supply chain incident affecting certain Checkmarx\u2011related developer artefacts distributed via third\u2011party channels.<\/p>\n\n\n\n<p>This post contains a structured overview of the incident and the steps we have taken to date, as well as additional resources to support our clients and team members.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\"><strong>What Happened<\/strong><\/h2>\n\n\n\n<p>On March 23, 2026, Checkmarx was the target of a cybersecurity supply chain incident which affected two specific plugins distributed via the OpenVSX marketplace and two of our GitHub Actions workflows.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\"><strong>OpenVSX Plugins<\/strong><\/h2>\n\n\n\n<p>On March 23, 2026, at approximately 02:53 UTC, malicious versions of two plugins were published to the OpenVSX registry.<\/p>\n\n\n\n<p>Only organizations that downloaded the following artifacts from OpenVSX on 23 March, 2026 between 02:53 UTC and 15:41 UTC and ran it are potentially impacted by this incident.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ast-results-2.53.0.vsix<\/li>\n\n\n\n<li>cx-dev-assist-1.7.0.vsix<\/li>\n<\/ul>\n\n\n\n<p>The affected plug-ins are no longer available and all older GitHub versions have been permanently removed.<\/p>\n\n\n\n<p>Plugins downloaded from the VS Code Marketplace were not affected.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Recommended actions<\/h3>\n\n\n\n<p>The following guidance is provided as a precautionary measure to support customer\u2011led assessments and remediation, where relevant to their environments.<\/p>\n\n\n\n<p>If a client downloaded and ran either of the above extensions from the Open VSX registry, their organization may be affected.<\/p>\n\n\n\n<p>If the client organization may have been affected, we strongly recommend taking the following steps as soon as possible.<\/p>\n\n\n\n<p><strong>1. Remove Malicious Components<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Uninstall the following VSIX extensions from all environments:<ul><li>checkmarx.ast-results-2.53.0.vsix&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>checkmarx.cx-dev-assist-1.7.0.vsix<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>use ast-github-action \u2013 v2.3.33 only<\/li>\n\n\n\n<li>use kics-github-action \u2013 v2.1.20 only<\/li>\n\n\n\n<li>Ensure they are removed from:<ul><li>All developer machines<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>All VSCode profiles and environments<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>2. Revoke and Rotate Credentials<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\"><strong>GitHub Actions<\/strong><\/h2>\n\n\n\n<p>An issue was also identified in KICS and AST GitHub Action on March 23, 2026. The attacker injected malicious payloads into the following GitHub Actions workflows which were available between 12:58 and 16:50 UTC:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>checkmarx\/ast-github-action<\/li>\n\n\n\n<li>checkmarx\/kics-github-action<\/li>\n<\/ul>\n\n\n\n<p>Maintainers revoked the affected tags, securing access, and preventing unauthorized changes.<\/p>\n\n\n\n<p>All GitHub Actions have been updated to the following latest verified releases, and all older versions have been permanently deleted from the organization&#8217;s repositories:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ast-github-action \u2014 v2.3.33 (released March 23, 2026)<\/li>\n\n\n\n<li>kics-github-action \u2014 v2.1.20 (released March 23, 2026)<\/li>\n<\/ul>\n\n\n\n<p>Both versions are the only ones available in our repos. All pipelines must reference these versions exclusively or newer.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Recommended actions<\/h3>\n\n\n\n<p>If you downloaded the malicious versions of either plugin (ast-results-2.53.0.vsix or cx-dev-assist-1.7.0.vsix) from OpenVSX during the affected period, we strongly recommend following these precautionary steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Revoke and rotate all secrets and credentials accessible to CI runners during the affected period, including GitHub Personal Access Tokens (PATs), cloud service credentials, and repository or organization-level secrets.<\/li>\n\n\n\n<li>Review GitHub Actions runs, search for suspicious indicators such as references to tpcp.tar.gz, aquasecurity, or checkmarx.zone, and check for unexpected repositories like tpcp-docs. In case you spot any occurrences of these, please remove them or contact the Checkmarx Support for guidance.<\/li>\n\n\n\n<li>Revoke access to the following tokens, and issue new ones:<ul><li>GitHub credentials<\/li><\/ul>\n<ul><li>Microsoft Azure access<\/li><\/ul>\n<ul><li>Google Cloud (GCP) access<\/li><\/ul>\n<ul><li>AWS access<\/li><\/ul>\n<ul><li>Kubernetes service account tokens and kubeconfigs<\/li><\/ul>\n<ul><li>SSH keys<\/li><\/ul>\n<ul><li>Docker registry credentials<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Block Malicious Infrastructure by restricting access to checkmarx[.]zone and review historical network traffic for any communication with this domain<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Review logs and systems for GitHub activity such as unexpected API usage, suspicious repositories or artifacts such as docs-tpcp and\/or tpcp.tar.gz, unauthorized releases or CI-triggered changes<\/li>\n\n\n\n<li>For any revoked token, key or credentials from previous stages:<ul><li>Review related activity within exposure time frame, to validate no lateral movement took place<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Monitor for any future attempts to use these credentials to identify ongoing attempts to attack infrastructure<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\"><strong>Containment &amp; Remediation<\/strong><\/h2>\n\n\n\n<p>Upon identification of the issue, we took immediate steps to contain and remediate the incident. We removed the unauthorized code, pinned our workflows to safe verified commit SHAs, revoked and rotated relevant credentials, blocked outbound access to the attacker-controlled domain, and reviewed our environments for any signs of further compromise.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\"><strong>Investigation Status<\/strong><\/h2>\n\n\n\n<p>We have commenced a formal investigation and engaged external forensic specialists to support that work. This investigation is ongoing and includes investigating the behaviour and objectives of the malicious code.<\/p>\n\n\n\n<p>Available information indicates that the primary functionality of the code was focused on the attempted collection and exfiltration of credentials and secrets from affected environments, without evidence to date that such data was successfully exfiltrated from any customer environment.<\/p>\n\n\n\n<p>Based on the investigation to date, and subject to the evidential limitations described below, we recommend continued vigilance and that you notify us promptly if you become aware of any suspicious activity.<\/p>\n\n\n\n<p>While the investigation is ongoing, to date, we do not have evidence indicating that the incident resulted in unauthorised access to customer data or systems, that data held by Checkmarx has been accessed, nor can we yet confirm that any particular customer environment was compromised<strong>.<\/strong><\/p>\n\n\n\n<p>It is important to note that because the affected artefacts execute within customer\u2011controlled environments, confirmation of whether a particular customer was impacted depends on an assessment of those environments, rather than on telemetry held by Checkmarx. Those CI\/CD pipelines and developer workstations are customer\u2011controlled environments, and Checkmarx does not have independent visibility into their execution or logs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\"><strong>Our Commitment to You<\/strong><\/h2>\n\n\n\n<p>If you have any questions or need assistance assessing client exposure, please reach out to our security team at&nbsp;<a href=\"mailto:infosec@checkmarx.com\">infosec@checkmarx.com<\/a>. Additionally, we have published detailed assessment and remediation guidance, including indicators of compromise, version information and recommended next steps for customers on our support <a href=\"https:\/\/support.checkmarx.com\/CheckmarxCustomerServiceCommunity\/s\/login\/\">portal<\/a>. &nbsp;<\/p>\n\n\n\n<p>Protecting the security and privacy of our clients and team members is a responsibility we hold to the highest standard. As part of our commitment to transparency, we will provide updates as appropriate and as our investigation progresses.<\/p>\n\n\n\n<section class=\"section-accordion section-accordion-v2 cx\">\n    <div class=\"main-wrapper section-accordion__wrapper\">\n        <h2 class=\"section-title article-anchor\" id=\"article-anchor-7\">Frequently Asked Questions<\/h2>\n        <div class=\"fag-accordion__wrapper\">\n            <div class=\"js-accordion fag-accordion\">\n                <div>\n\n                                            <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                How can a customer determine whether its specific environment was affected?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>&#8220;Determining whether a specific environment was affected requires a structured assessment across two vectors: CI\/CD pipelines and developer workstations.<\/p>\n<p><strong>Assessment \u2014 CI\/CD pipelines (GitHub Actions):<\/strong><\/p>\n<ol>\n<li>Search all GitHub workflow files (.github\/workflows\/*.yml) for references to checkmarx\/kics-github-action and checkmarx\/ast-github-action.<\/li>\n<li>If references are identified, determine the version or tag in use (e.g., @main, @v2.3.32, a commit SHA).<\/li>\n<li>Ascertain whether any workflow runs referencing these actions occurred during the affected window in March 2026. GitHub Actions run logs are retained for a configurable period and should be reviewed for the relevant timeframe.<\/li>\n<li>If runs occurred during the affected window, review runner logs for: outbound connections to checkmarx[.]zone, execution of a setup.sh script not forming part of the customer&#8217;s own workflow, or any anomalous network activity.<\/li>\n<\/ol>\n<p><strong>Assessment &#8211; Developer workstations (Open VSX plugins):<\/strong><\/p>\n<ol>\n<li>Identify all developers utilizing VS Code within the organization.<\/li>\n<li>Determine whether Checkmarx extensions were installed from the Open VSX Registry (open-vsx.org) rather than the official VS Code Marketplace (marketplace.visualstudio.com).<\/li>\n<li>Verify the extension version and installation or last-update timestamp. Any Checkmarx VS Code extension installed or auto-updated from the Open VSX Registry during the affected window should be treated as potentially compromised.<\/li>\n<li>Inspect the workstation for the relevant plugin directories (refer to FAQ F10 for applicable paths) and review proxy or DNS logs for connections to checkmarx[.]zone.<\/li>\n<\/ol>\n<p><strong>Important note regarding Checkmarx scan-based detection:<\/strong><\/p>\n<p>Executing a Checkmarx SAST or SCA scan against your organization&#8217;s codebase will not detect whether your environment was compromised by this incident. The incident involves malicious code executed within a CI\/CD runner or IDE environment and does not constitute a vulnerability in application code that a scan would identify. Exposure assessment must be conducted through log analysis, workstation inspection, and credential audit as described above.&#8221;<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                How did the compromise happen, how was it discovered, and what is Checkmarx doing to prevent similar supply-chain attacks in the future?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>See Checkmarx Security Update, 26 March 2026 (<a href=\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\">https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/<\/a>)<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Which Checkmarx GitHub Actions and plugins were affected?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Both checkmarx\/ast-github-action and checkmarx\/kics-github-action were affected by this incident, as were the two Open VSX Registry plugins referenced in Checkmarx&#8217;s security communications.<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                What IOCs can Checkmarx share (hashes, filenames\/folders, domains, IPs, SHAs, setup.sh artifacts)?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>The following indicators of compromise (IOCs) have been identified through Checkmarx&#8217;s investigation and independent third-party security research. The investigation remains ongoing and additional IOCs may be published.<\/p>\n<p><strong>Malicious domain \/ command-and-control infrastructure:<\/strong><\/p>\n<p>checkmarx[.]zone &#8211; This attacker-controlled domain was intended to be used for the exfiltration of any stolen credentials and secrets. Any outbound DNS query or HTTP\/HTTPS connection to this domain originating from CI\/CD runners or developer workstations during the affected window should be treated as a confirmed indicator of compromise.<\/p>\n<p><strong>Malicious VSIX filenames (Open VSX):<\/strong><\/p>\n<ul>\n<li>ast-results-[version].vsix<\/li>\n<li>cx-dev-assist-[version].vsix<\/li>\n<\/ul>\n<p>The specific filenames checkmarx.ast-results-2.53.0.vsix and checkmarx.cx-dev-assist-1.7.0.vsix have been referenced in customer communications. Customers should evaluate any version downloaded from the Open VSX Registry during the affected window, not solely these specific version numbers.<\/p>\n<p><strong>On-disk extension directories:<\/strong><\/p>\n<p>The presence of Open VSX-sourced Checkmarx extension directories within VS Code&#8217;s extension folder constitutes a potential indicator. Refer to FAQ F10 for applicable file paths.<\/p>\n<p><strong>Runner artifacts (setup.sh):<\/strong><\/p>\n<p>The compromised GitHub Actions injected a script (setup.sh) on the CI\/CD runner as part of the action&#8217;s initialization sequence. The presence of this script or associated runner artifacts constitutes a behavioral indicator of compromise. The full contents of setup.sh cannot be publicly disclosed at this time given the ongoing investigation.<\/p>\n<p><strong>File hashes (SHA256)- sourced from Wiz threat intelligence reporting:<\/strong><\/p>\n<p>ast-results-2.53.0.vsix: 65bd72fcddaf938cefdf55b3323ad29f649a65d4ddd6aea09afa974dfc7f105d<\/p>\n<p>cx-dev-assist-1.7.0.vsix: 744c9d61b66bcd2bb5474d9afeee6c00bb7e0cd32535781da188b80eb59383e0<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Which credentials, secrets, or keys must be rotated, and was only GitHub affected or potentially other credentials too?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>The malicious payload embedded in both the GitHub Actions and the Open VSX plugins was designed to exfiltrate environment variables and secrets from the execution context of the affected GitHub repository.<\/p>\n<p><strong>Credentials at risk &#8211; GitHub Actions (CI\/CD):<\/strong><\/p>\n<p>Any secret configured within the affected GitHub repository or organization and accessible to the workflow at the time the compromised action executed is potentially at risk. This includes, but is not limited to: GITHUB_TOKEN, API keys, cloud provider credentials, database credentials, and Checkmarx API tokens.<\/p>\n<p><strong>Credentials at risk &#8211; Developer workstations (Open VSX plugin exposure):<\/strong><\/p>\n<p>Any credential accessible within the VS Code environment, including those stored in environment variables, configuration files, or tokens used by the IDE, should be treated as potentially at risk.<\/p>\n<p><strong>Credentials requiring rotation:<\/strong><\/p>\n<ol>\n<li>All GitHub repository secrets in any repository or organization where the compromised actions executed.<\/li>\n<li>Checkmarx API keys and tokens used within the affected pipelines.<\/li>\n<li>Cloud provider credentials (AWS, Azure, GCP) if present as environment variables in affected workflows.<\/li>\n<li>All other API keys, tokens, or passwords configured as GitHub secrets or environment variables in the affected workflows.<\/li>\n<li>On developer workstations: any tokens or secrets stored in VS Code settings, environment variables, or configuration files where the malicious Open VSX plugin was installed and active<strong>. <\/strong>\n<\/li>\n<\/ol>\n                            <\/div>\n                        <\/div>\n                        <\/div>\n<div>                        <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Will Checkmarx provide a formal root-cause analysis (RCA) report?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Checkmarx recognizes that many enterprise customers \u2014 particularly those in regulated industries or with formal vendor risk management programs \u2014 require a written root-cause analysis or incident statement from strategic suppliers following a supply chain security incident such as this.<\/p>\n<p>Checkmarx is commited to providing material updates, and preparing a post-incident report. While the investigation is still ongoing \u2014 including with support from a third-party forensic firm we have engaged \u2014 we expect the report to include:<\/p>\n<ul>\n<li>Our findings with respect to the root cause and attack vector exploited by the TeamPCP threat actor, as established by the investigation<\/li>\n<li>A timeline of events from initial compromise through detection and remediation<\/li>\n<li>Findings with respect to affected artifacts and the scope of customer impact, as confirmed by the investigation<\/li>\n<li>The remediation actions taken by Checkmarx<\/li>\n<li>Forward-looking\u00a0 preventive controls to enhance Checkmarx&#8217;s security posture<\/li>\n<\/ul>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Does this incident affect Checkmarx One SaaS \/ cloud or scanning engines, and do SaaS-only customers need to take action?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>The Checkmarx One SaaS platform, including cloud-hosted scanning engines, the Checkmarx One web application, and associated backend services, do not appear to be affected by this incident.<\/p>\n<p>This incident constitutes a supply-chain compromise targeting specific open-source distribution artifacts (GitHub Actions and Open VSX plugins). It does not represent a breach of Checkmarx&#8217;s SaaS infrastructure. It does not appear that the threat actor obtained access to Checkmarx One customer tenants, customer data, scan results, or the platform&#8217;s internal systems.<\/p>\n<p>Notwithstanding the above, SaaS customers who utilize the affected GitHub Actions (checkmarx\/kics-github-action or checkmarx\/ast-github-action) within their own CI\/CD pipelines, or whose developers installed plugins sourced from the Open VSX Registry, may be indirectly affected.<\/p>\n<p>We understand the residual risk pertains to the customer&#8217;s own CI\/CD runner environments and developer workstations on which the malicious code may have executed.<\/p>\n<p><strong>Recommended action for SaaS customers:<\/strong><\/p>\n<p>If your organization does not use checkmarx\/kics-github-action or checkmarx\/ast-github-action in its GitHub pipelines and developers do not use Open VSX-sourced plugins, no specific action with respect to the SaaS platform is required. If the affected GitHub Actions are in use, any runner that executed those actions during the affected window should be treated as potentially compromised, and customers should follow the remediation guidance including credential rotation, log review, and runner inspection. We recommend heightened vigilance at this time.<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Which versions, tags, and time windows were affected, and which versions are safe now?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <h3>Affected versions and tags:<\/h3>\n<p><strong>checkmarx\/ast-github-action:<\/strong><\/p>\n<ul>\n<li>3.32 was compromised.<\/li>\n<li>References to @main during the exposure window (March 2026) were compromised.<\/li>\n<li>Any unpinned or floating reference that resolved to a compromised commit during the exposure window should be treated as affected.<\/li>\n<\/ul>\n<p><strong>checkmarx\/kics-github-action:<\/strong><\/p>\n<ul>\n<li>All versions and tags active on the @main branch during the exposure window (March 2026) were compromised.<\/li>\n<li>Any unpinned or floating reference that resolved during the exposure window should be treated as affected.<\/li>\n<\/ul>\n<p><strong>Open VSX plugins:<\/strong><\/p>\n<ul>\n<li>ast-results v2.53.0 was compromised.<\/li>\n<li>cx-dev-assist v1.7.0 was compromised.<\/li>\n<li>Any version of either plugin installed or auto-updated from the Open VSX Registry during the exposure window should be treated as compromised.<\/li>\n<\/ul>\n<p><strong>Safe versions (post-remediation):<\/strong><\/p>\n<ul>\n<li>checkmarx\/ast-github-action v2.3.33 or later has been confirmed clean.<\/li>\n<li>checkmarx\/kics-github-action: pin to a version or commit SHA published following remediation; customers should confirm the specific safe tag with their Checkmarx account team.<\/li>\n<li>Open VSX plugins: reinstall from the official VS Code Marketplace. Current Marketplace versions are confirmed clean.<\/li>\n<li>@main as of the date of remediation references clean code; however, pinning to an explicit version tag or commit SHA is strongly recommended as best practice.<\/li>\n<\/ul>\n<p><strong>Exposure window:<\/strong><\/p>\n<p>Malicious artifacts were active during March 2026. The precise commencement date remains under investigation. Any pipeline execution or plugin installation or auto-update occurring during this period should be evaluated for potential exposure.<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Is a third party involved in the investigation, what is the investigation timeline, and has\/will the incident be reported to regulators or law enforcement?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Yes. We have appointed external breach counsel, and a leading forensics expert to assist with our investigation.\u00a0 We are unable to provide an estimated timeline.\u00a0 At this stage, we are notifying regulators and law enforcement as we deem necessary.<\/p>\n                            <\/div>\n                        <\/div>\n                                        <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<script type=\"application\/ld+json\">{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"url\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"How can a customer determine whether its specific environment was affected?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"&#8220;Determining whether a specific environment was affected requires a structured assessment across two vectors: CI\/CD pipelines and developer workstations.\\nAssessment \u2014 CI\/CD pipelines (GitHub Actions):\\n\\nSearch all GitHub workflow files (.github\/workflows\/*.yml) for references to checkmarx\/kics-github-action and checkmarx\/ast-github-action.\\nIf references are identified, determine the version or tag in use (e.g., @main, @v2.3.32, a commit SHA).\\nAscertain whether any workflow runs referencing these actions occurred during the affected window in March 2026. GitHub Actions run logs are retained for a configurable period and should be reviewed for the relevant timeframe.\\nIf runs occurred during the affected window, review runner logs for: outbound connections to checkmarx[.]zone, execution of a setup.sh script not forming part of the customer&#8217;s own workflow, or any anomalous network activity.\\n\\nAssessment &#8211; Developer workstations (Open VSX plugins):\\n\\nIdentify all developers utilizing VS Code within the organization.\\nDetermine whether Checkmarx extensions were installed from the Open VSX Registry (open-vsx.org) rather than the official VS Code Marketplace (marketplace.visualstudio.com).\\nVerify the extension version and installation or last-update timestamp. Any Checkmarx VS Code extension installed or auto-updated from the Open VSX Registry during the affected window should be treated as potentially compromised.\\nInspect the workstation for the relevant plugin directories (refer to FAQ F10 for applicable paths) and review proxy or DNS logs for connections to checkmarx[.]zone.\\n\\nImportant note regarding Checkmarx scan-based detection:\\nExecuting a Checkmarx SAST or SCA scan against your organization&#8217;s codebase will not detect whether your environment was compromised by this incident. The incident involves malicious code executed within a CI\/CD runner or IDE environment and does not constitute a vulnerability in application code that a scan would identify. Exposure assessment must be conducted through log analysis, workstation inspection, and credential audit as described above.&#8221;\"}},{\"@type\":\"Question\",\"name\":\"How did the compromise happen, how was it discovered, and what is Checkmarx doing to prevent similar supply-chain attacks in the future?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"See Checkmarx Security Update, 26 March 2026 (https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/)\"}},{\"@type\":\"Question\",\"name\":\"Which Checkmarx GitHub Actions and plugins were affected?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Both checkmarx\/ast-github-action and checkmarx\/kics-github-action were affected by this incident, as were the two Open VSX Registry plugins referenced in Checkmarx&#8217;s security communications.\"}},{\"@type\":\"Question\",\"name\":\"What IOCs can Checkmarx share (hashes, filenames\/folders, domains, IPs, SHAs, setup.sh artifacts)?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The following indicators of compromise (IOCs) have been identified through Checkmarx&#8217;s investigation and independent third-party security research. The investigation remains ongoing and additional IOCs may be published.\\nMalicious domain \/ command-and-control infrastructure:\\ncheckmarx[.]zone &#8211; This attacker-controlled domain was intended to be used for the exfiltration of any stolen credentials and secrets. Any outbound DNS query or HTTP\/HTTPS connection to this domain originating from CI\/CD runners or developer workstations during the affected window should be treated as a confirmed indicator of compromise.\\nMalicious VSIX filenames (Open VSX):\\n\\nast-results-[version].vsix\\ncx-dev-assist-[version].vsix\\n\\nThe specific filenames checkmarx.ast-results-2.53.0.vsix and checkmarx.cx-dev-assist-1.7.0.vsix have been referenced in customer communications. Customers should evaluate any version downloaded from the Open VSX Registry during the affected window, not solely these specific version numbers.\\nOn-disk extension directories:\\nThe presence of Open VSX-sourced Checkmarx extension directories within VS Code&#8217;s extension folder constitutes a potential indicator. Refer to FAQ F10 for applicable file paths.\\nRunner artifacts (setup.sh):\\nThe compromised GitHub Actions injected a script (setup.sh) on the CI\/CD runner as part of the action&#8217;s initialization sequence. The presence of this script or associated runner artifacts constitutes a behavioral indicator of compromise. The full contents of setup.sh cannot be publicly disclosed at this time given the ongoing investigation.\\nFile hashes (SHA256)- sourced from Wiz threat intelligence reporting:\\nast-results-2.53.0.vsix: 65bd72fcddaf938cefdf55b3323ad29f649a65d4ddd6aea09afa974dfc7f105d\\ncx-dev-assist-1.7.0.vsix: 744c9d61b66bcd2bb5474d9afeee6c00bb7e0cd32535781da188b80eb59383e0\"}},{\"@type\":\"Question\",\"name\":\"Which credentials, secrets, or keys must be rotated, and was only GitHub affected or potentially other credentials too?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The malicious payload embedded in both the GitHub Actions and the Open VSX plugins was designed to exfiltrate environment variables and secrets from the execution context of the affected GitHub repository.\\nCredentials at risk &#8211; GitHub Actions (CI\/CD):\\nAny secret configured within the affected GitHub repository or organization and accessible to the workflow at the time the compromised action executed is potentially at risk. This includes, but is not limited to: GITHUB_TOKEN, API keys, cloud provider credentials, database credentials, and Checkmarx API tokens.\\nCredentials at risk &#8211; Developer workstations (Open VSX plugin exposure):\\nAny credential accessible within the VS Code environment, including those stored in environment variables, configuration files, or tokens used by the IDE, should be treated as potentially at risk.\\nCredentials requiring rotation:\\n\\nAll GitHub repository secrets in any repository or organization where the compromised actions executed.\\nCheckmarx API keys and tokens used within the affected pipelines.\\nCloud provider credentials (AWS, Azure, GCP) if present as environment variables in affected workflows.\\nAll other API keys, tokens, or passwords configured as GitHub secrets or environment variables in the affected workflows.\\nOn developer workstations: any tokens or secrets stored in VS Code settings, environment variables, or configuration files where the malicious Open VSX plugin was installed and active.\"}},{\"@type\":\"Question\",\"name\":\"Will Checkmarx provide a formal root-cause analysis (RCA) report?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Checkmarx recognizes that many enterprise customers \u2014 particularly those in regulated industries or with formal vendor risk management programs \u2014 require a written root-cause analysis or incident statement from strategic suppliers following a supply chain security incident such as this.\\nCheckmarx is commited to providing material updates, and preparing a post-incident report. While the investigation is still ongoing \u2014 including with support from a third-party forensic firm we have engaged \u2014 we expect the report to include:\\n\\nOur findings with respect to the root cause and attack vector exploited by the TeamPCP threat actor, as established by the investigation\\nA timeline of events from initial compromise through detection and remediation\\nFindings with respect to affected artifacts and the scope of customer impact, as confirmed by the investigation\\nThe remediation actions taken by Checkmarx\\nForward-looking\u00a0 preventive controls to enhance Checkmarx&#8217;s security posture\"}},{\"@type\":\"Question\",\"name\":\"Does this incident affect Checkmarx One SaaS \/ cloud or scanning engines, and do SaaS-only customers need to take action?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The Checkmarx One SaaS platform, including cloud-hosted scanning engines, the Checkmarx One web application, and associated backend services, do not appear to be affected by this incident.\\nThis incident constitutes a supply-chain compromise targeting specific open-source distribution artifacts (GitHub Actions and Open VSX plugins). It does not represent a breach of Checkmarx&#8217;s SaaS infrastructure. It does not appear that the threat actor obtained access to Checkmarx One customer tenants, customer data, scan results, or the platform&#8217;s internal systems.\\nNotwithstanding the above, SaaS customers who utilize the affected GitHub Actions (checkmarx\/kics-github-action or checkmarx\/ast-github-action) within their own CI\/CD pipelines, or whose developers installed plugins sourced from the Open VSX Registry, may be indirectly affected.\\nWe understand the residual risk pertains to the customer&#8217;s own CI\/CD runner environments and developer workstations on which the malicious code may have executed.\\nRecommended action for SaaS customers:\\nIf your organization does not use checkmarx\/kics-github-action or checkmarx\/ast-github-action in its GitHub pipelines and developers do not use Open VSX-sourced plugins, no specific action with respect to the SaaS platform is required. If the affected GitHub Actions are in use, any runner that executed those actions during the affected window should be treated as potentially compromised, and customers should follow the remediation guidance including credential rotation, log review, and runner inspection. We recommend heightened vigilance at this time.\"}},{\"@type\":\"Question\",\"name\":\"Which versions, tags, and time windows were affected, and which versions are safe now?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Affected versions and tags:\\ncheckmarx\/ast-github-action:\\n\\n3.32 was compromised.\\nReferences to @main during the exposure window (March 2026) were compromised.\\nAny unpinned or floating reference that resolved to a compromised commit during the exposure window should be treated as affected.\\n\\ncheckmarx\/kics-github-action:\\n\\nAll versions and tags active on the @main branch during the exposure window (March 2026) were compromised.\\nAny unpinned or floating reference that resolved during the exposure window should be treated as affected.\\n\\nOpen VSX plugins:\\n\\nast-results v2.53.0 was compromised.\\ncx-dev-assist v1.7.0 was compromised.\\nAny version of either plugin installed or auto-updated from the Open VSX Registry during the exposure window should be treated as compromised.\\n\\nSafe versions (post-remediation):\\n\\ncheckmarx\/ast-github-action v2.3.33 or later has been confirmed clean.\\ncheckmarx\/kics-github-action: pin to a version or commit SHA published following remediation; customers should confirm the specific safe tag with their Checkmarx account team.\\nOpen VSX plugins: reinstall from the official VS Code Marketplace. Current Marketplace versions are confirmed clean.\\n@main as of the date of remediation references clean code; however, pinning to an explicit version tag or commit SHA is strongly recommended as best practice.\\n\\nExposure window:\\nMalicious artifacts were active during March 2026. The precise commencement date remains under investigation. Any pipeline execution or plugin installation or auto-update occurring during this period should be evaluated for potential exposure.\"}},{\"@type\":\"Question\",\"name\":\"Is a third party involved in the investigation, what is the investigation timeline, and has\/will the incident be reported to regulators or law enforcement?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. We have appointed external breach counsel, and a leading forensics expert to assist with our investigation.\u00a0 We are unable to provide an estimated timeline.\u00a0 At this stage, we are notifying regulators and law enforcement as we deem necessary.\"}}]}<\/script>","protected":false},"excerpt":{"rendered":"<p>Last Updated April 2, 2026 On March 23, 2026, Checkmarx identified a cybersecurity supply chain incident affecting certain Checkmarx\u2011related developer artefacts distributed via third\u2011party channels. This post contains a structured overview of the incident and the steps we have taken to date, as well as additional resources to support our clients and team members. What [&hellip;]<\/p>\n","protected":false},"author":173,"featured_media":104895,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[],"class_list":["post-107865","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Checkmarx Security Update<\/title>\n<meta name=\"description\" content=\"We take our customers\u2019 security very seriously and are taking steps to reinforce our processes. We will continue to provide updates as more information becomes available\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checkmarx Security Update\" \/>\n<meta property=\"og:description\" content=\"We take our customers\u2019 security very seriously and are taking steps to reinforce our processes. We will continue to provide updates as more information becomes available\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-24T10:19:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-03T18:19:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Udi-Yehuda Tamar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Udi-Yehuda Tamar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\"},\"author\":{\"name\":\"Udi-Yehuda Tamar\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3c362536d4ef62ec5ebb35baa48e357d\"},\"headline\":\"Checkmarx Security Update\",\"datePublished\":\"2026-03-24T10:19:33+00:00\",\"dateModified\":\"2026-04-03T18:19:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\"},\"wordCount\":942,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\",\"name\":\"Checkmarx Security Update\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png\",\"datePublished\":\"2026-03-24T10:19:33+00:00\",\"dateModified\":\"2026-04-03T18:19:05+00:00\",\"description\":\"We take our customers\u2019 security very seriously and are taking steps to reinforce our processes. We will continue to provide updates as more information becomes available\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png\",\"width\":2560,\"height\":1280,\"caption\":\"malicious packages in the AI world\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3c362536d4ef62ec5ebb35baa48e357d\",\"name\":\"Udi-Yehuda Tamar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c78c23df044a4bffe4f076ca4625132c75eadb6e243434aacf748ede1f7c59bc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c78c23df044a4bffe4f076ca4625132c75eadb6e243434aacf748ede1f7c59bc?s=96&d=mm&r=g\",\"caption\":\"Udi-Yehuda Tamar\"},\"description\":\"VP of Platform Engineering and Global CISO\",\"url\":\"https:\/\/checkmarx.com\/author\/udi-yehuda_tamar\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Checkmarx Security Update","description":"We take our customers\u2019 security very seriously and are taking steps to reinforce our processes. We will continue to provide updates as more information becomes available","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/","og_locale":"en_US","og_type":"article","og_title":"Checkmarx Security Update","og_description":"We take our customers\u2019 security very seriously and are taking steps to reinforce our processes. We will continue to provide updates as more information becomes available","og_url":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-03-24T10:19:33+00:00","article_modified_time":"2026-04-03T18:19:05+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png","type":"image\/png"}],"author":"Udi-Yehuda Tamar","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Udi-Yehuda Tamar","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/"},"author":{"name":"Udi-Yehuda Tamar","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3c362536d4ef62ec5ebb35baa48e357d"},"headline":"Checkmarx Security Update","datePublished":"2026-03-24T10:19:33+00:00","dateModified":"2026-04-03T18:19:05+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/"},"wordCount":942,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/","url":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/","name":"Checkmarx Security Update","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png","datePublished":"2026-03-24T10:19:33+00:00","dateModified":"2026-04-03T18:19:05+00:00","description":"We take our customers\u2019 security very seriously and are taking steps to reinforce our processes. We will continue to provide updates as more information becomes available","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-security-update\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/30445-Checkmarx-Blog-Post-banner_flat.png","width":2560,"height":1280,"caption":"malicious packages in the AI world"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3c362536d4ef62ec5ebb35baa48e357d","name":"Udi-Yehuda Tamar","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c78c23df044a4bffe4f076ca4625132c75eadb6e243434aacf748ede1f7c59bc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c78c23df044a4bffe4f076ca4625132c75eadb6e243434aacf748ede1f7c59bc?s=96&d=mm&r=g","caption":"Udi-Yehuda Tamar"},"description":"VP of Platform Engineering and Global CISO","url":"https:\/\/checkmarx.com\/author\/udi-yehuda_tamar\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/173"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=107865"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107865\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/104895"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=107865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=107865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=107865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}]