Checkmarx has announced its acquisition of Tromzo, a significant move in the realm of autonomous application security (AppSec). This acquisition is expected to enhance the Checkmarx One platform and expand the Checkmarx Assist suite of AI-driven security agents.
Tromzo, noted for its AI-native autonomous security agents, brings technology and an expert team that will help Checkmarx deliver AI agents capable of understanding and remediating enterprise-level security risks across complex software ecosystems.
Governance policies for AI usage
Checkmarx's research indicates a notable shift in software development, with 60% of code now AI-generated
Incorporating Tromzo's capabilities, Checkmarx aims to lower risks and improve productivity by enabling developers to address security issues through automated remediation. This integration also provides engineering managers with comprehensive oversight without impeding software delivery.
Checkmarx's research indicates a notable shift in software development, with 60% of code now AI-generated. However, 98% of organisations have experienced breaches due to vulnerable code, and only 18% have formal governance policies for AI usage, highlighting the need for streamlined AI solutions.
AI-powered virtual security
Sandeep Johri, CEO of Checkmarx, stated, “This acquisition propels Checkmarx forward on our path to redefine AppSec through agentic AI that transforms how enterprises secure all of their code, whether it is existing, human-created, or produced through AI-driven development.”
By leveraging Tromzo's cognitive architecture, Checkmarx introduces an AI-powered virtual security assistant that comprehends real risks and automates responses, aspiring for a landscape where code security is continuous and AI serves as a key partner.
Checkmarx's expansion with Tromzo
Checkmarx launched the first of these agents, Developer Assist, offering real-time guidance
Tromzo's agents, which are built on cognitive architecture, will provide a critical intelligence layer across the Checkmarx One platform and Checkmarx Assist agents.
Earlier this year, Checkmarx launched the first of these agents, Developer Assist, offering real-time guidance in various integrated development environments.
Highlights of the acquisition
- Autonomous AppSec: The integration of Checkmarx's platform and Tromzo's agents facilitates a transition towards autonomous AppSec.
- Talent and Leadership: Tromzo's founders, Harshil Parikh and Harshit Chitalia, and their team will bolster Checkmarx's AppSec efforts.
- Expanded Checkmarx Assist: Tromzo's engine will enhance new Assist agents from 2026, furthering enterprise-grade AI security.
Agentic AI security solutions
Tromzo co-founder Harshil Parikh commented, “We built Tromzo with a singular mission: accelerate remediation of the risks that truly matter.” He emphasised that joining Checkmarx allows them to further this mission by combining their agents with Checkmarx’s expansive platform.
This partnership aims to empower enterprises to confidently adopt AI coding tools, supported by AI security solutions that protect each line of code throughout its lifecycle. For more information, visit the Checkmarx blog.
Discover how AI, biometrics, and analytics are transforming casino security
Checkmarx, the pioneer in agentic application security, announces its acquisition of Tromzo, a pioneer in AI-native autonomous security agents. The deal marks a major leap forward in autonomous AppSec, accelerating the delivery of AI agents that understand real enterprise risk, reason across complex software ecosystems, and remediate continuously with precision.
Tromzo’s technology and world-class engineering team will enhance the Checkmarx One platform and expand the Checkmarx Assist family of AI agents.
Governance policies for AI usage
Tromzo founders Harshil Parikh and Harshit Chitalia, along with their entire AI engineering team, will join Checkmarx’s product and engineering organisation. Tromzo’s capabilities are designed to reduce risk while dramatically increasing productivity by helping developers fix security issues with automated remediation and giving engineering managers and AppSec pioneers full visibility without slowing down delivery.
AI has fundamentally reshaped software development. According to Checkmarx research, 60% of code is now AI-generated, and 98% of organisations have experienced breaches tied to vulnerable code, even though only 18% report having formal governance policies for AI usage. Manual gating processes cannot keep pace, creating bottlenecks that slow prioritisation and remediation and leaving a growing volume of issues to identify and resolve.
AI-powered virtual security
“This acquisition propels Checkmarx forward on our path to redefine AppSec through agentic AI that transforms how enterprises secure all of their code, whether it is existing, human-created, or produced through AI-driven development,” said Sandeep Johri, CEO of Checkmarx.
“By acquiring Tromzo, we are integrating the only platform built on a true cognitive architecture capable of enterprise-grade reasoning. We’re offering an AI-powered virtual security assistant to every developer that understands real risk and automates remediation, moving us closer to a world where code is continuously protected and AI becomes an intelligent partner in security.”
Checkmarx released the first of these agents
Built on a cognitive architecture, Tromzo’s agents analyse code, deployment artifacts, and business context to drive high-confidence triage and remediation aligned to enterprise risk models. These capabilities will become a core intelligence layer across Checkmarx One and the Checkmarx Assist family of agents.
Earlier this year, Checkmarx released the first of these agents, Developer Assist, which provides developers with real-time, context-aware guidance as developers code in pioneering IDEs such as Windsurf by Cognition, Cursor, and GitHub Copilot.
Key acquisition highlights
- Autonomous AppSec: The combined capabilities of Checkmarx’s market-pioneering platform and Tromzo’s reasoning-based agents accelerate the shift toward autonomous application security.
- Talent & Leadership: Tromzo founders and AppSec AI pioneers Harshil Parikh and Harshit Chitalia, along with their engineering team, join Checkmarx to drive the future of agentic AI in AppSec.
- Expanded Checkmarx Assist: Tromzo’s reasoning engine will power new Assist agents beginning in early 2026, advancing enterprise-grade AI-powered security.
Agentic AI security solutions
“We built Tromzo with a singular mission: accelerate remediation of the risks that truly matter,” said Harshil Parikh, co-founder of Tromzo. “Joining Checkmarx, the undisputed pioneer in enterprise AppSec, is the perfect acceleration of that mission. By combining our deep reasoning agents with Checkmarx’s reach, scale, and market leadership, we’re delivering the only solution that lets enterprise security teams move fast with enterprise-grade control.”
Together, Checkmarx and Tromzo will empower enterprises to adopt AI coding tools with confidence, backed by agentic AI security solutions that safeguard every line of code from creation through deployment. Visit the Checkmarx blog to learn more.
