Cycode Adds AI Agent to Assess Exploitability of Application Vulnerabilities
Authored by Mike Vizard, this article explores Cycode’s new AI agent for its application security platform. The tool is designed to evaluate and prioritize vulnerabilities, helping DevSecOps teams respond more effectively to emerging security challenges.
Author: Mike Vizard
Summary
Cycode has announced the integration of an artificial intelligence (AI) agent into its Application Security Posture Management (ASPM) platform, specifically designed to assess how exploitable vulnerable code within applications may be. The development is intended to help DevSecOps teams more effectively prioritize and address security risks in increasingly complex modern software environments.
Key Points
- AI Exploitability Agent: The core update is a new AI agent that evaluates vulnerabilities to assess their exploitability. By doing so, security teams can focus remediation efforts on the issues that pose the highest risk to the organization.
- AI Security ROI Calculator: In addition to the agent, Cycode has provided a Security ROI Calculator, which analyzes the impact of using AI for various DevSecOps scenarios, helping organizations measure return on investment.
- DevSecOps Enablement: Devin Maguire, senior product marketing manager at Cycode, explained that the agent is designed to simplify vulnerability prioritization and enable more targeted remediation, addressing concerns around the proliferation of vulnerabilities as a result of AI-generated code.
- Vulnerability Trends: Cycode estimates that for every 10,000 lines of code, one security flaw is created, and about 40% of AI-generated applications contain some form of vulnerability.
- Adversary Capabilities: As AI-enabled coding tools help developers, they also aid cybercriminals who are using similar technologies to discover and exploit vulnerabilities, increasing the need for robust automated assessment.
- AI Security Teammates: The Exploitability Agent accompanies other Cycode AI agents, including:
  - Change Impact Analysis Agent: Monitors code changes across pull requests for significant risk alterations.
  - Fix & Remediation Agent: Analyzes root causes and proposes code fixes.
- Risk Intelligence Graph (RIG): These agents utilize Cycode’s RIG to analyze risks across code repositories, workflows, secrets, dependencies, and cloud infrastructure.
- Integration with Model Context Protocol (MCP): Support for MCP, developed by Anthropic, allows AI agents to access and share data, consolidating alerts for more streamlined incident response.
- Operational Benefits: The new approach aims to foster improved collaboration between application development and cybersecurity teams, offering better vulnerability context and more actionable insights compared to legacy tools.
- Industry Perspective: According to a recent Futurum Group survey, prioritizing ASPM platforms, automation, and orchestration is a top concern for organizations. The survey also found that funding and responsibility for application security are becoming increasingly shared between security and development teams.
- Regulatory Drivers: As software supply chain security faces more regulatory scrutiny, timely and cost-effective remediation is becoming even more crucial.
Conclusion
Cycode’s deployment of AI agents seeks to shift application security from merely identifying vulnerabilities to automating context-rich risk prioritization, leveraging modern AI and integration frameworks. As development and security teams adapt to rapid software delivery and growing threats, tools that provide improved visibility and actionable intelligence will become increasingly valuable.
For more information about Cycode’s AI exploitability agent and related DevSecOps trends, visit the original article.
This post appeared first on “DevOps Blog”.