Checkmarx Extends Vulnerability Scanning to AWS AI Tools

Published by The Daily Scout

What happened

Security firm Checkmarx has extended its vulnerability detection capabilities to include Amazon Web Services' AI coding tools. The move addresses the growing need to secure AI-generated code as part of the DevSecOps lifecycle. This development reflects an industry-wide push to adapt security practices for the unique challenges posed by AI's increasing role in software development.

Why it matters

  • The Checkmarx tool, known as Developer Assist, integrates directly into the developer's coding environment (IDE) and claims it can eliminate up to 90% of security issues before the code is even committed to a project.
  • Research indicates that about 45% of code generated by AI assistants contains security flaws. This is largely because the AI models are trained on vast amounts of public code, which often includes existing vulnerabilities.
  • Common vulnerabilities introduced by AI coding tools include classics like SQL injection and cross-site scripting (XSS), as well as insecure cryptographic implementations. Insecure code for handling cross-site scripting is particularly prevalent, with some studies showing models failing to produce secure code up to 86% of the time.
  • The integration with AWS's tool, Kiro, involves connecting to a framework of specialized agents called "Kiro Powers," which allows for a more in-depth analysis of the AI-generated code.
  • Beyond AWS, Checkmarx Developer Assist also supports other AI-centric coding environments built on Visual Studio Code, such as Cursor and Windsurf.
  • The adoption of AI in software development is rapidly increasing, with one 2025 survey indicating that 76% of software developers are already using or plan to use AI tools in their work. Another report from early 2026 found that developers estimate 42% of their committed code is AI-assisted.
  • This move is part of a broader industry trend known as "shift-left" security, where security checks and balances are integrated earlier in the software development lifecycle, directly within the developer's workflow, rather than being a final step before release.
  • The OWASP Foundation, a nonprofit focused on software security, has released a top 10 list of critical security risks specific to Large Language Models (LLMs), including prompt injection, training data poisoning, and sensitive information disclosure.

Key numbers

  • The Checkmarx tool, known as Developer Assist, integrates directly into the developer's coding environment (IDE) and claims it can eliminate up to 90% of security issues before the code is even committed to a project.
  • Research indicates that about 45% of code generated by AI assistants contains security flaws.
  • Insecure code for handling cross-site scripting is particularly prevalent, with some studies showing models failing to produce secure code up to 86% of the time.
  • The adoption of AI in software development is rapidly increasing, with one 2025 survey indicating that 76% of software developers are already using or plan to use AI tools in their work.


