Press Release Overview
On June 16, 2026, Checkmarx, the global leader in agentic application security, announced a major upgrade to its Checkmarx One platform—a new hybrid static application security testing (SAST) scanning engine. The announcement, issued from Paramus, New Jersey, emphasizes that the hybrid engine combines three layers of protection: a deterministic rules‑based foundation refined over two decades, a purpose‑tuned large‑language‑model (LLM) engine that extends detection to any language—including AI‑generated and emerging code—and a Finding Analysis Engine (FAE) that validates true positives while suppressing false positives before findings reach developers.
Performance Metrics
In head‑to‑head testing across seven real production codebases, the hybrid engine recorded an F1 score of 0.64, which is more than three times the industry‑average score of 0.20 that Checkmarx evaluated for competing approaches. The same tests showed a 60% reduction in false‑positive findings, enabling security teams to focus on high‑confidence, exploitable vulnerabilities.
Market Context and Technical Capabilities
Checkmarx highlighted that 49% of code in production is now AI‑generated and demonstrably more insecure, with exploit windows shrinking from months to minutes. To address this, the new engine offers language‑agnostic scanning that covers AI‑generated code, emerging languages, and polyglot applications without sacrificing the precision of deterministic analysis. The FAE provides board‑grade evidence of what is truly exploitable and what has been resolved, supporting defensible governance decisions.
Executive Commentary
CEO Sandeep Johri stated that neither rules‑based analysis nor AI models alone can tell the whole story, and that the hybrid architecture delivers the precision of deterministic scanning together with the reach of AI. Chief Product Officer Jonathan Rende added that while AI boosts developer productivity, independent benchmarks show that even the best models produce insecure code in one‑third to nearly half of cases, and that existing tools waste compute resources chasing false positives. He asserted that the new engine gives customers confidence, predictability, and cost‑effective protection.
Availability and Further Information
The hybrid scanning engine and its Finding Analysis Engine are now available in early access as part of the Checkmarx One platform. Checkmarx invites interested parties to visit checkmarx.com for more details and to join the virtual summit “Agentic AppSec Unleashed ’26” scheduled for June 16, 2026.
Company Scale
Checkmarx notes that its One platform scans trillions of lines of code each year for its customers, reducing vulnerability density by more than half while delivering autonomous security agents that detect and counter AI‑driven threats across the software development lifecycle.