Latest news with #Cycode

AI Creates Millions of New Code Vulnerabilities. Cycode Introduces AI Exploitability Agent to Prioritize and Fix What Matters 99% Faster.

Yahoo

22-07-2025


SAN FRANCISCO, July 22, 2025 /PRNewswire/ -- Cycode, the leader in AI-native application security, today announced the launch of its AI Exploitability Agent, debuting at Black Hat 2025. This new capability empowers security teams with an AI Teammate to prioritize high-risk, exploitable vulnerabilities and fix them 99% faster.

AI is accelerating software development with tools like Cursor generating over a billion lines of code a day. Lurking in all that AI-generated code are millions of new security vulnerabilities. At conservative estimates of 1 security flaw per 10,000 lines of code, Cursor generates 100,000 security flaws every single day. The real number is likely much higher with an estimated 40% of AI-generated apps containing vulnerabilities and a report finding "Cursor consistently fails to generate secure code."

"We were already facing an overwhelming tide of security alerts," said Lior Levy, CEO and Co-founder of Cycode. "The AI coding revolution threatens to completely overwhelm traditional approaches. It's no longer enough to just keep pace; security must take the lead, leveraging automation and AI that provides crystal-clear visibility, intelligent prioritization, and automated fixes. Cycode's new Exploitability Agent is an essential part of our AI-native application security platform, fundamentally transforming the notoriously difficult and time-consuming process of triaging alerts and determining true exploitability."

AI transforms how software is created. Cycode transforms how it is secured.

Cycode's new AI Exploitability Agent expands Cycode's suite of AI Security Teammates to automatically distill overwhelming alerts into clear risk-based priorities. The Exploitability Agent delivers answers to three critical questions:

  • Is a violation exploitable? The presence of a vulnerability does not mean there is an exploitable risk. Cycode automates exploitability analysis to determine whether attackers can successfully target vulnerabilities in the real world.
  • What is the risk? Severity is not the same as risk. A high-severity violation that is not deployed or exposed has less risk than a medium-severity vulnerability with a known exploit in a public-facing application. Cycode quantifies the relative risk of violations by leveraging code-to-runtime context in risk score calculations.
  • What is the root cause? Often, multiple scanners will identify vulnerabilities that stem from the same root cause. Cycode correlates data across scans to consolidate alerts and connect signals between runtime risks, root causes in code, and owners.

By delivering critical exploitability answers in minutes, not days, Cycode's AI Exploitability Agent fundamentally revolutionizes traditional analysis and triaging. Working in seamless concert, Cycode's AI Exploitability and AI Fix Teammates empower customers to slash the Mean Time to Remediate (MTTR) critical issues by over 99%—dramatically reducing resolution time from over 10 months to a mere 3 days.

Measuring the ROI of AI Application Security

In addition to the AI Exploitability Agent, Cycode recently released an AI Security ROI Calculator. By analyzing the impact of AI across common use cases, organizations can calculate the potential return on investment using AI to address common pain points including:

  • Remediation: Fixing issues faster with automation and AI-generated fixes
  • Exploitability Analysis: Triaging faster with risk scoring and exploitability
  • Risk Intelligence: Deriving insights within security data from natural language queries

Advancing Application Security for the AI Revolution

Cycode's AI-native application security platform equips teams with insights from code-to-runtime context, risk-based prioritization, no-code automation, and AI fixes to reduce risk at speed and scale. Key capabilities include:

  • Secure AI Development: Shift security left into vibe coding and AI-assisted workflows using Cycode's MCP Server
  • Change Impact Analysis: Identify material code changes that require additional scrutiny with AI-powered Change Impact Analysis
  • Exploitability-Based Prioritization: Accelerate triage with context-aware risk scoring with Risk Intelligence Graph (RIG) and Exploitability Agent Teammates
  • Automated Fixes: Reduce MTTR by connecting prioritized risks with owners and owners with fixes using no-code automation and Cycode's AI Fix and Remediation Teammate

"Cycode delivers the security tool coverage, unified visibility, intelligent risk prioritization, and automation we need to improve our DevSecOps outcomes," said Kimberly Mattheys, Head of Application Security and DevSecOps at Solaris. "Since partnering with Cycode, we now triage issues 99% faster, automate fixes for 46% of our critical vulnerabilities, and have reduced the mean time to remediate critical vulnerabilities by an impressive 99.4%."

About Cycode

Cycode's AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter. Powered by proprietary scanners, third-party integrations, and the Risk Intelligence Graph (RIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.

Media Contact
Fabienne Dawson
Fabienne@

SOURCE Cycode

Cycode & HackerOne integrate to speed software vulnerability fixes

Techday NZ

18-07-2025


Cycode and HackerOne have announced a partnership aimed at streamlining the remediation process of vulnerabilities found through bug bounty programmes by leveraging Application Security Posture Management (ASPM).

Bug bounty programmes have become essential to application security strategies, enabling organisations to uncover and validate security vulnerabilities by engaging a community of ethical hackers. HackerOne has developed its reputation for discovering and validating these issues at scale, while Cycode provides ASPM capabilities designed to support security and development teams through vulnerability management.

The partnership will see findings from HackerOne integrated directly into Cycode's platform. This integration is intended to enable rapid assignment, triage, and remediation of validated vulnerabilities, providing security and development teams with additional context to address issues effectively.

"Security threats are evolving fast, and fixing vulnerabilities quickly is more important than ever. Our integration with Cycode gives customers and partners the real-world context and automation they need to move faster. By combining HackerOne's exploit data with Cycode's ASPM capabilities, teams can prioritize the right risks and resolve them earlier in development, so they can ship safer software, faster." – John Addeo, VP Global Partner Ecosystem at HackerOne

According to the companies, vulnerabilities identified through bug bounty reports often represent the most urgent and actionable risks, given that they are verified by independent security researchers and demonstrate exploitability in live environments. However, data from these bug bounty reports frequently resides outside the tools developers use day-to-day, leading to delays and inefficiencies in addressing them.

Through the new integration, HackerOne's findings will be ingested into Cycode's Risk Intelligence Graph (RIG), described as a unified knowledge base of security issues across the software development lifecycle. Each bug bounty report incorporated into RIG will be enhanced with details such as repository mapping - which identifies the precise source code repository where a vulnerability originated - developer ownership to identify responsible parties, and deployment context relating to the specific services or infrastructure affected.

Cycode believes that providing this level of detail gives security teams a clear path from discovery to remediation, while also offering developers actionable context to address issues without unnecessary delay or manual triage.

"Vulnerabilities from HackerOne represent some of the most urgent and actionable risks organizations face. By bringing those findings into the Cycode platform, we're giving teams critical context, ownership mapping, and developer engagement they need to fix issues faster and with greater confidence. This partnership is about helping our customers build more secure software at scale without slowing down velocity." – Prasad Raman, VP Partnerships at Cycode

The collaboration is also expected to accelerate remediation times for shared customers by linking each HackerOne report directly to the relevant code owner. This connection enables teams to meet service-level agreements and reduce mean time to resolution, which is especially important for high-severity vulnerabilities.

Another advantage cited by the companies is the ability to leverage HackerOne's real-world exploit data to improve risk scoring and prioritisation. According to Cycode, this ensures that limited security resources are focused on issues with the highest potential impact.

The integration is designed to work within the toolchains already used by developers - including platforms like Jira, GitHub, GitLab, and Slack - so that findings arrive complete with actionable information and do not require further clarification from application security teams.

Both Cycode and HackerOne state that the partnership is more than just a technical integration, positioning it as a means to strengthen application security workflows overall. HackerOne aims to turn validated bugs into resolved issues, which it sees as a way to bolster customer satisfaction. Cycode, meanwhile, benefits from extended detection capabilities and the ability to contextualise issues based on exploitability in production.

The two companies emphasise that customers stand to benefit from greater efficiency, stronger collaboration, and a more connected approach to securing software throughout development and deployment lifecycles.

Agentic AI transforms business operations with enhanced oversight

Techday NZ

23-06-2025


The integration of agentic artificial intelligence (AI) into business operations is gaining significant momentum across industries, with new research, commentary, and product announcements underscoring both the promise and complexities of these advanced technologies.

Matt Johnson, Managing Director for AI & Data at Temus, outlined the evolving landscape of AI agents, noting an industry-wide shift from rudimentary AI interactions towards more advanced, contextually aware systems. "We're witnessing a significant shift in how AI agents are being deployed across industries. The most successful implementations go far beyond basic prompting," Johnson observed. He highlighted the application of sophisticated techniques such as automated reprompting, parameter-efficient fine-tuning, and reinforcement learning, which allow agents to learn from their environments and incorporate expert knowledge.

Johnson emphasised that data remains the critical foundation for agentic AI. He noted, "Companies are now realising they need deliberate strategies to acquire and structure this expert knowledge – it's become a competitive differentiator." In sectors such as healthcare and financial services, he asserted, the inclusion of human-in-the-loop workflows is not optional but essential, with the best AI systems augmenting human expertise rather than replacing it.

The software development sector, according to Johnson, has provided one of the most compelling success stories, with AI tools such as Claude Code assisting developers by providing contextual suggestions and even autonomously generating code, all while preserving human oversight. This reflects a broader trend, with organisations increasingly viewing AI agents not as autonomous replacements for professionals, but as tools to enhance productivity and decision-making.

In the domain of cybersecurity, a new study from Cycode, presented at the RSA Conference 2025, illuminated how agentic AI is reshaping application security practices. The survey found that while 60% of cybersecurity professionals remain in early stages of adoption, those organisations that have embraced agentic AI report notable productivity gains and reduced risks in development and security workflows.

Amir Kazemi, Director of Product Marketing at Cycode, observed, "Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now."

The Cycode research illustrated growing interest, with almost 50% of surveyed professionals planning to adopt agentic AI in the coming year. Yet, concerns remain about granting AI systems autonomy, with businesses taking a measured approach to integrating these tools. The study identified key opportunities: 44% of professionals believe agentic AI will improve vulnerability management, while 52% see significant value in using AI-driven security checks at the code commit stage. The perceived widening gap between application security and development resources, with some teams managing ratios as high as one security specialist per 1,000 developers, exemplifies the mounting pressure on teams that agentic AI could help alleviate.

Financial services are also experiencing AI-driven transformation, as demonstrated by the launch of GTreasury's GSmart AI platform, designed specifically for treasury and finance operations. The platform aims to deliver efficiencies and transparent insights for CFOs and treasury professionals facing complex market and regulatory conditions.

GTreasury CEO Renaat Ver Eecke stressed the necessity for AI in finance to prioritise security, compliance, and rapid problem-solving. "GSmart AI... empowers CFOs and treasury teams to confidently take advantage of powerful insights and value without sacrificing compliance or oversight," Ver Eecke stated. The platform provides automated analysis, risk identification, and strategic recommendations, all while ensuring auditability and governance. Mark Johnson, Chief Product Officer at GTreasury, added that GSmart AI is distinguished by its transparency and data sovereignty features, supporting rigorous standards and regulatory requirements.

These developments signal that agentic AI, when combined with robust data strategies and clear boundaries for human oversight, is rapidly becoming integral to modern workflows. Whether in software development, cybersecurity, or treasury operations, organisations are increasingly seeking to leverage the unique capabilities of these AI agents to enhance human judgement, streamline complex tasks, and maintain compliance in a rapidly evolving technological landscape.

Agentic AI adoption in application security sees cautious growth

Techday NZ

18-06-2025


A new study conducted by Cycode has revealed changing attitudes towards the use of agentic artificial intelligence (AI) within application security, indicating both cautious uptake and notable benefits among early adopters. The survey, compiled from respondents at RSA Conference 2025, found that 60% of cybersecurity professionals are still at the early stages of adopting agentic AI, while those who have begun implementation are already reporting tangible improvements in productivity and risk mitigation.

Adoption and anticipated growth

The study highlights a considerable proportion of the market preparing for broader adoption, with nearly 50% of respondents planning to integrate agentic AI tools within the next year. The incremental approach taken by organisations reflects a degree of caution, particularly around the concept of granting AI systems the autonomy to make decisions independently. This hesitancy is attributed to organisations seeking to adapt their security practices to rapidly evolving development requirements while weighing the associated risks and benefits of such technology.

The research points out that as awareness of agentic AI's capability within application security grows, the focus on educating the market about both its advantages and potential risks becomes more pronounced. The report suggests that clear communication around these factors may help overcome reservations among organisations still in the initial phase of AI adoption.

Impact on workflows and team dynamics

The survey results illustrate the impact agentic AI could have on software development pipelines. Thirty percent of respondents believe integrating agentic AI into continuous integration and continuous deployment (CI/CD) pipelines would significantly enhance the process. The increased speed and frequency of code deployment, termed "vibe coding" in industry parlance, has led to faster development cycles. This acceleration does not necessarily alter the ratio of application security personnel to developers, but it can create the impression of a widening gap, with security teams struggling to keep up.

The data indicates that whilst 45% of respondents maintain a 1:50 to 1:100 application security-to-developer ratio, 26% report a much wider 1:500 to 1:1000 ratio. This imbalance places considerable strain on security professionals who are responsible for oversight, with survey findings indicating that agentic AI solutions have the potential to alleviate these pressures.

Agentic AI capabilities in practice

Key findings from the survey reveal varied perceptions on the utility of agentic AI for security teams. Forty-four percent of those surveyed believe agentic AI's greatest benefit lies in supporting the identification, prioritisation, and remediation of vulnerabilities. Another 38% believe these systems will enhance application security testing (AST), highlighting the perceived value of collaboration between AI and human teams to streamline key security operations.

More than half (52%) of respondents agreed that, when integrated with AST tools, agentic AI's use of pre-commit hooks effectively sustains security checks during code commits, transforming what were previously overwhelming manual tasks into manageable automated processes. In addition, 44% of cybersecurity professionals highlighted the value of agentic AI in streamlining and enhancing secrets detection to help prevent data leaks, with many pointing to the importance of context-aware decision-making capabilities for the effectiveness of such solutions.

Industry commentary

Amir Kazemi, Director of Product Marketing at Cycode, commented on the findings: "It's fascinating to follow the industry's measured, yet rapid adoption to Agentic AI. Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now. Cycode is committed to leading this charge, empowering security teams and developers the ability to sense, reason, and act with context through agentic AI solutions."

Cycode's latest research also notes the company's continued work in this area, including its agentic AI framework, which aims to support developers and security staff through autonomous AI teammates and context-aware remediation capabilities.
