Checkmarx Extends Vulnerability Scanning to AWS AI Tools

Security firm Checkmarx has extended its vulnerability detection capabilities to include Amazon Web Services' AI coding tools. The move addresses the growing need to secure AI-generated code as part of the DevSecOps lifecycle. This development reflects an industry-wide push to adapt security practices for the unique challenges posed by AI's increasing role in software development.

- The Checkmarx tool, known as Developer Assist, integrates directly into the developer's coding environment (IDE) and claims it can eliminate up to 90% of security issues before the code is committed to a project.
- Research indicates that about 45% of code generated by AI assistants contains security flaws, largely because the models are trained on vast amounts of public code that itself contains existing vulnerabilities.
- Common vulnerabilities introduced by AI coding tools include classics like SQL injection and cross-site scripting (XSS), as well as insecure cryptographic implementations. XSS is particularly prevalent: some studies found models failing to produce code that handles it securely up to 86% of the time.
- The integration with AWS's tool, Kiro, connects to a framework of specialized agents called "Kiro Powers," which allows for a more in-depth analysis of the AI-generated code.
- Beyond AWS, Checkmarx Developer Assist also supports other AI-centric coding environments built on Visual Studio Code, such as Cursor and Windsurf.
- The adoption of AI in software development is rapidly increasing: one 2025 survey found that 76% of software developers are already using or plan to use AI tools in their work, and a report from early 2026 found that developers estimate 42% of their committed code is AI-assisted.
- This move is part of a broader industry trend known as "shift-left" security, where security checks are integrated earlier in the software development lifecycle, directly within the developer's workflow, rather than applied as a final step before release.
- The OWASP Foundation, a nonprofit focused on software security, has released a top 10 list of critical security risks specific to Large Language Models (LLMs), including prompt injection, training data poisoning, and sensitive information disclosure.
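To make concrete the two flaw classes the briefing says AI assistants most often produce, here is an added illustration (not Checkmarx, AWS or Kiro code) showing the unsafe pattern an IDE-integrated scanner would flag before commit beside its hardened form, for SQL injection and for reflected XSS. The table contents, the probe string and the comment string are constructed sample data; the function names are this example's own.

```python
"""Added example: SQL injection and cross-site scripting, each as the
unsafe pattern commonly emitted by code assistants beside its hardened
form.  Sample data is constructed; this is not Checkmarx or AWS code."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Unsafe pattern: the untrusted value is spliced into the SQL text, so a
    # name containing a quote character changes the query's logic.
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened form: a bound parameter is passed as data and never parsed
    # as SQL, whatever characters it contains.
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def render_unsafe(comment: str) -> str:
    # Reflected XSS pattern: user input lands in HTML without escaping, so
    # markup in the input is interpreted by the browser.
    return f"<p>{comment}</p>"


def render_safe(comment: str) -> str:
    # Hardened form: escape before interpolating into HTML text content.
    return f"<p>{html.escape(comment, quote=True)}</p>"


def demo() -> dict:
    """Run both variants against constructed inputs and return the results."""
    conn = make_db()
    probe = "x' OR '1'='1"                  # constructed: quote breaks out of the literal
    markup = "<script>alert(1)</script>"    # constructed: would be parsed as HTML
    return {
        "unsafe_rows": len(lookup_unsafe(conn, probe)),  # every row comes back
        "safe_rows": len(lookup_safe(conn, probe)),      # no user has that literal name
        "unsafe_html": render_unsafe(markup),
        "safe_html": render_safe(markup),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows the unsafe lookup returning all three rows for an input that matches no user, while the parameterized query returns none; likewise the escaped rendering turns the angle brackets into entities so the browser displays the text rather than executing it. Flagging the two unsafe patterns at edit time, before commit, is exactly the shift-left check the briefing describes.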

Shared from Scout - Be the smartest in the room.