AI-Powered Security Agent

Developer Assist

Q: What is Checkmarx Developer Assist?

Checkmarx Developer Assist is an IDE-native security assistant that helps developers identify and fix security issues as they write code. It scans code in real time, including AI-generated code, and provides actionable guidance directly in the IDE, without waiting for CI/CD or external scans.

Q: How does Checkmarx Developer Assist work inside my IDE?

Developer Assist runs directly within your IDE and analyzes code as it’s written, modified, or refactored. When a potential issue is detected, it surfaces inline feedback with context on why it matters and how to fix it, so you can address problems immediately without switching tools or breaking flow.

Q: Will Checkmarx Developer Assist slow down my development workflow?

No. Developer Assist is designed to be lightweight and unobtrusive. It provides fast, incremental analysis and only surfaces relevant findings, so developers get meaningful feedback without excessive noise or performance impact.

Q: Does Checkmarx Developer Assist help me fix issues, or just flag them?

Developer Assist goes beyond detection. It provides pre and post-commit remediation and safe refactoring suggestions to help you resolve issues without introducing breaking changes. The goal is to fix problems early, confidently, and correctly, before they ever reach a commit or pipeline.

A standalone agentic AI security assistant that lives in your IDE — continuously scanning, explaining, and fixing vulnerabilities in human and AI-generated code before they ever reach the repository.

Request a Demo → See How It Works

Available On

Сursor

Windsurf

VS Code

Kiro IDE

What It Does

Security that moves at the speed of development

Developer Assist is a standalone agentic AI security assistant built for developers working with both human and AI-generated code. It doesn’t just flag issues — it orchestrates scanning engines, understands policy context, and applies validated fixes directly in the IDE.

Built for AI-native IDEs like Cursor and Windsurf as well as VS Code and JetBrains, Developer Assist brings Checkmarx One intelligence directly to the developer, shrinking remediation from hours to minutes without slowing delivery.

10 x

Cheaper to fix pre-commit

Issues caught in the IDE cost a fraction of post-production fixes

87 %

Noise reduction

AI-powered triage cuts false positives so developers focus on what matters

Scan engines unified

SAST, SCA, malicious packages, IaC, containers and secrets — one experience

What it does

Built for every way modern teams write code

Whether your team uses AI coding assistants or ships traditional code, Developer Assist meets you in the IDE with real-time security guardrails.

Real-time vulnerability detection

Detect vulnerabilities, misconfigurations, hard-coded secrets, and malicious packages as code is written — before commit, not after. Covers human and AI-generated code equally.

One-click validated fixes

Propose and apply validated code changes — not just suggestions — directly in the IDE. One click to fix, with full explanation of the security rationale behind every change.

Shorter fix cycles

Cut pre-commit fix cycles from hours to minutes. Reduce remediation costs per issue and help teams avoid expensive downstream rework in CI/CD or production.

AI coding assistant guardrails

Work alongside GitHub Copilot, Cursor, and Windsurf to provide security guardrails and safe refactoring for AI-generated changes — without blocking developer flow.

Get a Demo →

Why Checkmarx

Not just another AI security tool

Developer Assist doesn’t just find vulnerabilities. It validates them, then fixes them — directly in your editor, with one click.

Validated fixes, not just suggestions

Developer Assist orchestrates scanning engines, tools, and policy context to identify, explain, and safely refactor vulnerable code — applying validated patches directly, not just answering prompts.

One agent, many risks

Covers SAST, open-source and malicious packages, IaC, containers, and secrets in a single IDE experience — powered by Checkmarx One unified intelligence and threat data. Not five tools. One agent.

Designed for AI-native IDEs

First-class support for Cursor and Windsurf in addition to VS Code and JetBrains — meeting teams where AI-assisted coding actually happens, not where it happened five years ago.

How It Works

Five scanning engines. One IDE experience.

Developer Assist runs continuously in the background, scanning every file as you write. When it finds an issue, it surfaces a plain-language explanation and a validated, one-click fix — all without leaving your editor.

Continuous background scanning

Runs silently as you type — no manual trigger required

Agentic fix application

Applies validated patches directly to your code, not just suggestions

Plain-language explanations

Understand exactly why code is vulnerable and how the fix works

Zero code exfiltration

Only minimal metadata leaves your machine — source code stays local

Built For Every Team

How Developer Assist serves your team

Developer Assist delivers value across the entire organization — from the CISO down to the individual developer.

CISOs u0026 Security Leaders

Concrete risk reduction at the speed of innovation

Developer Assist gives security leaders a controlled, auditable way to secure AI-generated code without slowing delivery — a low-friction entry point into the broader Checkmarx AppSec platform.

Demonstrate concrete risk reduction through faster remediation, lower cost-per-fix, and fewer vulnerabilities reaching production

Provide a controlled, auditable way to secure AI-generated code without slowing innovation

Use Developer Assist as a low-friction on-ramp to the broader Checkmarx AppSec platform

AppSec Leaders u0026 Security Teams

Shift left without adding friction

Equip developers with real-time guardrails so they catch issues before they ever reach the security team’s queue — reducing noise in central pipelines and freeing AppSec engineers for higher-value work.

Shift security left by equipping developers with real-time guardrails, reducing noise in central pipelines and triage queues

Leverage Checkmarx One policies and intelligence inside the IDE to enforce standards consistently across languages and teams

Free AppSec engineers to focus on architecture, threat modeling, and high-risk findings instead of repetitive fix guidance

DevOps u0026 Platform Engineering

Protect pipeline stability at scale

Pre-commit prevention means fewer broken builds, cleaner CI/CD gates, and secure coding capabilities that scale across hundreds of repositories without pipeline rewrites.

Protect CI/CD stability with pre-commit prevention and safer code reaching pipelines, reducing broken builds and noisy security gates

Deploy lightweight IDE extensions that integrate cleanly with existing toolchains and platform-engineering patterns

Scale secure-coding capabilities across many teams and repositories without pipeline rewrites

Developers u0026 Dev Leaders

Security superpowers, not constraints

Stay in flow. Get contextual explanations and one-click fixes without jumping into separate dashboards. Developer Assist works alongside your favorite AI coding tools — it adds security, not friction.

Stay in flow with contextual explanations and one-click fixes instead of jumping into separate dashboards

Work alongside favorite AI coding tools, adding security superpowers instead of constraints

Build a culture of secure coding by making the secure path the fastest and most convenient path

Common Questions

Frequently Asked Questions

What is Checkmarx Developer Assist?

How does Checkmarx Developer Assist work inside my IDE?

Will Checkmarx Developer Assist slow down my development workflow?

Does Checkmarx Developer Assist help me fix issues, or just flag them?

What types of security issues does Checkmarx Developer Assist detect?

Developer Assist identifies security issues across multiple domains, including application security vulnerabilities detected through SAST, risks introduced by open source and malicious packages, exposed secrets and credentials, Infrastructure as Code (IaC) misconfigurations, and container-related security issues. This analysis applies to both human-written code and AI-generated code, ensuring consistent protection regardless of how the code is created.

What do I need to get started with Checkmarx Developer Assist?

To get started, you need a supported IDE with an existing AI coding assistant enabled, such as GitHub Copilot in VS Code or native agents in Cursor, Windsurf, or AWS Kiro. For AI-powered remediation, Developer Assist connects to Checkmarx remediation intelligence through the Model Context Protocol (MCP). MCP setup is simple and takes only a single configuration step. Once connected, your IDE gains secure access to Checkmarx AppSec knowledge for real-time guidance and verified fixes, without changing your workflow.

What information is shared with Checkmarx or AI models when I use Checkmarx Developer Assist?

Developer Assist is designed to minimize data sharing and keep source code inside your environment. Source code, secrets, and proprietary application data never leave the IDE. Only limited metadata, such as package name, package version, package manager, and vulnerability identifiers, are transmitted to Checkmarx services when enrichment or remediation data is required. AI-generated code changes are created locally by your IDE’s existing AI assistant, and all recommendations are reviewable, optional, and auditable. Checkmarx does not train AI models on customer data, and any optional fallback AI usage is restricted to open-source package metadata only.