The battleground in AppSec has shifted to remediation...and it’s all about execution. Detection still has gaps, but for most teams, the real challenge starts after a finding shows up. Alerts pile up, triage is inconsistent, and remediation can’t keep pace with development, especially as AI accelerates how quickly code is written. The result? More visibility, but not necessarily more security. The shift isn’t about abandoning detection. It’s about turning findings into outcomes by moving decisions and fixes into the pull request, where code actually gets reviewed and changed. Because AppSec doesn’t need more alerts. It needs more finished work. Read more in our latest blog 👇 https://lnkd.in/eXmifcVM Rebecca Spiegel #agenticapplicationsecurity #agenticappsec
About us
Checkmarx helps the world’s largest enterprises get ahead of application risk without slowing down development. We end the guesswork by identifying the most critical issues to fix and give AppSec the tools they need, all while letting developers work the way they want. From DevSecOps to developer experience, security and development teams can now work better together. That’s why 1700+ customers rely on Checkmarx to scan over 1 trillion lines of code annually, improve developer productivity by 50%, and deliver 2X AppSec ROI. Checkmarx. Always Ready To Run.
- Website: http://www.checkmarx.com
- Industry: Computer and Network Security
- Company size: 501-1,000 employees
- Headquarters: Paramus, New Jersey
- Type: Privately Held
- Founded: 2006
- Specialties: Application Security, AppSec, Software Security, DevOps, Application Security Testing, Static Application Security Testing, Interactive Application Security Testing, Software Composition Analysis, Developer Training, and DevSecOps
Locations
- Primary: 140 E Ridgewood Ave, South Tower Suite 415, Paramus, New Jersey 07652, US
Updates
-
The rules of AppSec are changing in real time. When systems can interpret, decide, and act on their own, risk doesn’t stay in one place; it moves. That shift is forcing teams to rethink how they operate, moving away from fixed assumptions and toward a more adaptive, continuously evolving approach to security. It’s not about having all the answers upfront. It’s about consistently pressure-testing your approach and adjusting as the landscape changes. A new piece from ReversingLabs explores how that shift is playing out across the industry, featuring perspective from 🚀 Eran Kinsbruner. https://lnkd.in/e3Mxp_RF Cc: John P. Mello Jr.
-
Your developers are shipping faster than ever. Can your security keep up? If the answer is no, you’re not alone. Join us tomorrow to see how Checkmarx Developer One Assist helps teams secure code as it’s generated, catching vulnerabilities in real time, right in the IDE. In this webinar, we will cover how to: ➡️ Detect and fix issues before they reach production ➡️ Auto-fix vulnerabilities, keeping your code fast and secure. ➡️ Secure AI-generated code without slowing delivery 🗓️Save your spot: https://lnkd.in/esF2rSVN
-
The Checkmarx Partner Pulse 🤝 Where security conversations meet real-world connections, here’s what we have lined up with our partners this month: April 30 | Tysons, VA: GuidePoint Security GPSEC Forum – Register here: https://lnkd.in/efC2EnJv April 30 | Atlanta, GA: Guidepoint – Savannah's Bananas – Register here: https://lnkd.in/e69F7eaD May 8 | Dallas, TX: Trace3 - Dallas Golf Tournament – Reserve your spot: https://lnkd.in/eqmchMCR May 12 | Los Angeles, CA: Dodgers vs. Giants Suite Experience – Join the waitlist: https://lnkd.in/eiV2yVbR May 12 | Huntington Beach, CA: OptivCon Cybersecurity Summit – More details here: https://lnkd.in/eKVdfe97 From deep-dive security conversations to standout experiences, we’re excited to keep building with our partners this season.
-
A security perspective worth paying attention to.👀 At the RSA Conference, Kayla Williams talks through what happens when AI outpaces traditional AppSec workflows. Security can’t depend on intervention anymore. It has to be embedded in the way software is built, so speed doesn’t come at the expense of risk. 🎥 Watch the full conversation with Kayla + Adi Kavaler → https://lnkd.in/eGPGyhf4
-
Over the past five weeks, Checkmarx has been managing a sophisticated, multi-stage supply chain attack. On March 23, we identified the initial compromise. On April 22, we identified a follow-on attack. On April 25, a cybercriminal group published data they claim originated from our GitHub repository. We are in an ongoing investigation and will share a complete post-incident report as findings are confirmed. Today, we published an interim report summarizing our findings to date: https://lnkd.in/gKk3B36V
-
We are aware of reports circulating today regarding a new development in the ongoing supply chain security incident identified on March 23, 2026. This is part of the same incident we have been actively investigating and communicating about. Our forensic investigation — conducted with leading third-party firms — is ongoing, and we are working to verify the nature and scope of the data that has been published. We deeply apologize for the impact this is causing to customers. We are committed to keeping our customers, partners, and employees informed as soon as new information is learned. Our latest update is available here: https://lnkd.in/g8mqGRqU We will continue to update as we have more information as it is available.
-
The audit passed. Everything looked clean. The release moved forward. But AI had already introduced a new layer of risk… one that never showed up in the checks. Our latest ebook explores the 10 AI supply chain risks most teams aren’t accounting for, and why securing modern applications now requires more than just traditional AppSec. Download the guide → https://lnkd.in/eHkyZydH
-
Join us on May 5 for a live webinar on how security teams can keep pace with AI-driven development, and where DAST fits in. As AI speeds up how applications are built, security testing is struggling to keep up. Code can look clean but still introduce vulnerabilities that only appear at runtime. We’ll cover why runtime validation is now essential, where static analysis falls short, and what’s driving the shift toward DAST. 📅 May 5 | 1:00 PM CT Register now: https://lnkd.in/eEfvs3wY Frank Emery, Maadana T., Avi Hein
-
The expectations around product security are changing. With the Cyber Resilience Act, risk can’t just be identified; it has to be understood, documented, and managed across the entire lifecycle. That includes everything in the stack: open source, third-party components, and now AI. We’re diving into what this looks like in practice in an upcoming webinar on April 23 at 2:00 PM, led by Carsten Huth, PhD, CISSP, CSSLP, and David Dewaele. If you’re thinking about how to operationalize this, register now 👇https://lnkd.in/eDaQX-am