What happened
Checkmarx announced (July 14, 2026, GA) that its Developer Assist agent now runs a full autonomous pre-commit find-fix-verify loop inside IDEs/CLIs (Cursor, Windsurf, Kiro, Claude Code) via hooks and MCP, while Triage and Remediation Assist agents autonomously prioritize backlog vulnerabilities by real-world exploitability ("attackability") and generate merge-ready PRs; validated in production at PatientPoint.
Why it matters
Closes the widely-cited gap where 96% of developers use AI coding tools but only 18% apply security continuously — this is a significant AppSec vendor shipping autonomous, not just advisory, vulnerability remediation at GA, with claimed ~70% reduction in manual remediation effort.
Applicability
Enterprise AppSec/DevSecOps teams using Checkmarx One with AI-assisted development pipelines should evaluate now; GA today.