Mike Vizard examines how ArmorCode’s Anya AI now generates automated, environment-specific code fixes and brings software supply chain insight to application security, as announced at Black Hat USA 2025.

ArmorCode Expands Anya AI to Deliver Custom Code Fixes for Runtime Environments

By Mike Vizard

At Black Hat USA 2025, ArmorCode announced major new capabilities for its Anya AI-powered platform aimed at improving application security and developer efficiency:

Key Announcements

1. Context-Aware Code Fix Generation

  • Anya AI can now generate suggested code fixes tailored to the specific runtime environment, increasing the accuracy and relevance of remediation suggestions for developers.
  • The tool leverages data from over 40 billion findings across more than 320 integrations, enabling advanced insights for DevSecOps teams.
  • The process supports review and oversight, with developers able to review and approve fixes before code is committed.

2. Supply Chain Module and SBOM Automation

  • New module offers visibility into the full software supply chain:
    • Surfaces software component quality metrics, security assessment results, and health indicators.
    • Integrates with the Vulnerability Exploitability eXchange (VEX) format.
    • Automates the generation of composite Software Bills of Materials (SBOMs).
    • Supports compliance needs such as those set by the EU’s Cyber Resilience Act.

3. Model Context Protocol (MCP) Support

  • Added interoperability with Anthropic’s Model Context Protocol, allowing data collected and created by Anya to be accessed by external large language models (LLMs) and third-party tools.
  • Enables broader use of security intelligence throughout the organization and the development lifecycle.

DevSecOps and Security Implications

  • By providing runtime-specific fix recommendations and automating patch application, Anya helps reduce the time and stress involved in application vulnerability remediation, addressing both developer productivity and security demands.
  • Responds to the reality that modern AI coding tools can introduce new vulnerabilities due to poor training data, thereby driving up the need for automated, high-context remediation.
  • New supply chain capabilities allow for better management of risk through visibility and automation—especially relevant as supply chain attacks rise in frequency and sophistication.
  • Futurum Group’s recent survey of cybersecurity leaders highlights software supply chain security, application security posture management (ASPM), and DevSecOps automation/orchestration as top priorities.
  • Application development teams are increasingly being given responsibility—and sometimes budget—for application security, making integrated toolchains that bridge development and security critical.

Why This Matters

  • With cyber threats evolving rapidly and software supply chains growing more complex, automating effective, context-sensitive fixes and securing dependencies at each stage benefits both development and security teams.
  • The Anya platform illustrates trends in leveraging AI and standard protocols to break down silos between teams, accelerate secure software delivery, and provide the foundation for compliance.

Further Reading & References:

For more DevOps news and insights, sign up for the DevOps.com newsletter.

This post appeared first on “DevOps Blog”. Read the entire article here