ArmorCode Extends Agentic AI in ASPM Platform to Address Growing Risk from AI-Generated Code and Apps

August 05, 2025 at 09:00 AM EDT

The company showcases agentic AI capabilities at Black Hat USA 2025 built on independent governance with 40B findings and 320+ integrations; 4x findings growth year-over-year

ArmorCode, the leading AI-powered Application Security Posture Management (ASPM) platform trusted by over 215,000 practitioners, today at Black Hat USA 2025 announced significant application security and remediation advancements to help customers address risks posed by AI-generated code and applications, along with imminent compliance demands from regulations including the Cyber Resilience Act (CRA).

As enterprises rapidly adopt AI-generated code, security teams struggle with the unprecedented volume, complexity, and hidden risks this new wave of automated development introduces including insecure logic, untracked runtime assets, and overwhelming alert fatigue. ArmorCode's AI capabilities, featuring Anya, the industry's first agentic AI virtual security champion for application security, are built on an unmatched data foundation of over 40 billion processed findings with more than 320 integrations. This enables superior correlation and accelerated, automated risk remediation across the entire security lifecycle.

Anya’s new AI-driven remediation capabilities, combined with revolutionary Model Context Protocol (MCP) server enhancements and robust software supply chain security (SSCS) capabilities, provide the visibility, scale, and automated governance needed to proactively identify, prioritize, and mitigate these emerging risks.

Next-Generation AI Remediation: Anya and Code Insights Unite

ArmorCode combines Anya with enhanced AI remediation capabilities and its proprietary AI Code Insights to deliver contextual, code-specific remediation guidance. By understanding the context of an organization’s code repositories through Code Insights, Anya generates remediation instructions tailored to the specific environment rather than generic fixes. Security teams and developers can engage Anya in natural conversation to explore remediation options, understand vulnerability impact, and get answers about implementation details—all grounded in data from the broadest available security tool integrations. This delivers an 80% reduction in Mean Time to Remediation (MTTR) through intelligent remediation that's immediately applicable to an organization’s code, not just theoretically correct.

Model Context Protocol (MCP) Server: Contextual Security Data for AI-Powered Automation

ArmorCode's MCP Server provides a standardized interface that enables any MCP-compatible LLM (e.g., Claude, ChatGPT, GitHub Copilot) to programmatically access security data. By implementing Model Context Protocol, ArmorCode makes its unified security intelligence, including vulnerabilities, risk scores, and remediation workflows, available as structured data that LLMs can query and reason over. When the AI assistant is asked about an organization’s security posture, it pulls real-time data from ArmorCode to ground its responses in actual risk factors. This ensures the AI assistant delivers accurate, context-aware security guidance based on comprehensive AppSec data.

Strengthening Software Supply Chain Security (SSCS)

ArmorCode's software supply chain module provides complete visibility into component usage across an organization's portfolio, enriching traditional vulnerability data with quality metrics, security posture assessments, and health indicators to identify risks before they become exploitable vulnerabilities. The platform automates the generation of composite software bill of materials (SBOMs) and supports CRA compliance through integrated Vulnerability Exploitability eXchange (VEX) capabilities. This is critical for any organization selling software in Europe, where CRA mandates vulnerability disclosure and continuous security updates throughout a product's lifecycle. By uniting proactive component risk assessment with automated compliance reporting, ArmorCode transforms supply chain security from reactive CVE scanning into strategic risk management that addresses both security and regulatory requirements.

"Organizations are rapidly adopting AI code assistants to achieve efficiencies, but the sheer volume and velocity of code being produced creates exponential security risks to manage," said Mark Lambert, Chief Product Officer of ArmorCode. "Traditional security approaches can't keep up with AI-powered development, so AI is needed to scale with AI. That's why Anya, our agentic virtual security champion, is essential. At ArmorCode, we're continuously innovating to help security teams harness the power of AI, not just to keep pace but to get ahead. From contextual AI remediation to MCP-enabled LLM integration, we're accelerating our customers into a future where security scales seamlessly with development. This vision is already being realized within the ArmorCode platform."

Availability

These new innovations, available now in the ArmorCode ASPM Platform, will be showcased live at the Black Hat USA 2025 conference in booth #1461.

As a Purple Book Community (PBC) diamond sponsor, ArmorCode will also be at the annual must-attend PBC Connect - Black Hat event on Wednesday, August 6th. This gathering brings together security industry leaders and AppSec practitioners for networking and discussions on key topics, including how AI is reshaping the AppSec landscape and preparing for Cyber Resilience Act deadlines.

To meet Anya and learn more about ArmorCode’s AI Code Insights, visit www.armorcode.com/meet-anya.

About ArmorCode

ArmorCode is on a mission to supercharge security teams with a new independent governance approach to reduce risk and burn down critical security technical debt. With its AI-powered ASPM Platform, driven by over 40 billion findings from over 320 ecosystem integrations, ArmorCode delivers a single, unbiased view of your risk across applications, infrastructure, containers, and cloud. ArmorCode unifies and normalizes findings, correlates them with business context and threat intel through adaptive risk scoring, and orchestrates security workflows to empower users to easily remediate issues. ArmorCode delivers unified visibility, AI-enhanced prioritization, remediation and scalable automation for customers so they can realize a complete understanding of risk, respond at scale, and collaborate more effectively.

Enterprises of all sizes, including dozens of Fortune 1000 companies, scale their security effectiveness by more than 10x and maximize their ROI on existing security investments with ArmorCode through managing Application Security Posture, Risk-Based Vulnerability Management, Software Supply Chain Security, DevSecOps, and Risk & Compliance. For more information, visit www.armorcode.com.