Checkmarx has announced its acquisition of Tromzo, a developer of AI-native autonomous security agents. This strategic move is expected to significantly advance autonomous application security (AppSec) by integrating AI agents capable of comprehending enterprise risk, analyzing complex software environments, and providing continuous, precise remediation.
Tromzo's innovative technology and expert engineering team will be integrated into the Checkmarx One platform and contribute to the expansion of the Checkmarx Assist suite of AI agents.
Enhancing AppSec with AI
Manual processes struggle to keep pace, creating bottlenecks that delay remediation and prioritize workload
Harshil Parikh and Harshit Chitalia, the founders of Tromzo, along with their entire AI engineering team, are set to join Checkmarx's product and engineering division. Tromzo's capabilities are expected to reduce security risks and enhance productivity by enabling automated remediation of security issues and granting engineering managers enhanced visibility without hindering delivery timelines.
Recent research by Checkmarx underscores the transformative impact of AI on software development, revealing that 60% of code is currently AI-generated. Despite this, only 18% of organizations have established formal governance policies for AI usage, though 98% have experienced breaches linked to vulnerabilities in code. Manual processes struggle to keep pace, creating bottlenecks that delay remediation and prioritize workload.
Advancing Virtual Security
According to Sandeep Johri, CEO of Checkmarx, "This acquisition propels Checkmarx forward on our path to redefine AppSec through agentic AI that transforms how enterprises secure all of their code, whether it is existing, human-created, or produced through AI-driven development." Johri highlighted that combining Tromzo’s cognitive architecture with Checkmarx’s capabilities provides developers with an AI-enabled virtual security assistant that not only understands risk but also automates the remediation process.
Earlier this year, Checkmarx introduced Developer Assist, an agent providing real-time, context-aware assistance directly within integrated development environments (IDEs) like Windsurf by Cognition, Cursor, and GitHub Copilot.
Key Highlights of the Acquisition
The collaboration will see the intro of new Assist agents powered by Tromzo’s reasoning engine beginning
This acquisition signifies a pivotal shift towards autonomous AppSec by amalgamating Checkmarx’s services with Tromzo’s intelligence-driven agents.
The inclusion of Tromzo founders Harshil Parikh and Harshit Chitalia, alongside their engineering team, aims to propel the development of agentic AI solutions for AppSec. Furthermore, the collaboration will see the introduction of new Assist agents powered by Tromzo’s reasoning engine beginning in 2026.
Agentic AI Security Solutions
Harshil Parikh stated, "We built Tromzo with a singular mission: accelerate remediation of the risks that truly matter. Joining Checkmarx is the perfect acceleration of that mission." By synergizing Tromzo’s reasoning agents with Checkmarx’s broad reach, the partnership aims to enable enterprise security teams to operate swiftly with enterprise-grade control.
The collaboration between Checkmarx and Tromzo seeks to empower enterprises to confidently adopt AI coding tools, backed by agentic AI security solutions that ensure the safety of code from inception to deployment. For further details, interested parties are encouraged to visit the Checkmarx blog.
Discover how AI, biometrics, and analytics are transforming casino security
Checkmarx, the pioneer in agentic application security, announces its acquisition of Tromzo, a pioneer in AI-native autonomous security agents. The deal marks a major leap forward in autonomous AppSec, accelerating the delivery of AI agents that understand real enterprise risk, reason across complex software ecosystems, and remediate continuously with precision.
Tromzo’s technology and world-class engineering team will enhance the Checkmarx One platform and expand the Checkmarx Assist family of AI agents.
Governance policies for AI usage
Tromzo founders Harshil Parikh and Harshit Chitalia, along with their entire AI engineering team, will join Checkmarx’s product and engineering organization. Tromzo’s capabilities are designed to reduce risk while dramatically increasing productivity by helping developers fix security issues with automated remediation and giving engineering managers and AppSec pioneers full visibility without slowing down delivery.
AI has fundamentally reshaped software development. According to Checkmarx research, 60% of code is now AI-generated, and 98% of organizations have experienced breaches tied to vulnerable code, even though only 18% report having formal governance policies for AI usage. Manual gating processes cannot keep pace, creating bottlenecks that slow prioritization and remediation and leaving a growing volume of issues to identify and resolve.
AI-powered virtual security
“This acquisition propels Checkmarx forward on our path to redefine AppSec through agentic AI that transforms how enterprises secure all of their code, whether it is existing, human-created, or produced through AI-driven development,” said Sandeep Johri, CEO of Checkmarx.
“By acquiring Tromzo, we are integrating the only platform built on a true cognitive architecture capable of enterprise-grade reasoning. We’re offering an AI-powered virtual security assistant to every developer that understands real risk and automates remediation, moving us closer to a world where code is continuously protected and AI becomes an intelligent partner in security.”
Checkmarx released the first of these agents
Built on a cognitive architecture, Tromzo’s agents analyze code, deployment artifacts, and business context to drive high-confidence triage and remediation aligned to enterprise risk models. These capabilities will become a core intelligence layer across Checkmarx One and the Checkmarx Assist family of agents.
Earlier this year, Checkmarx released the first of these agents, Developer Assist, which provides developers with real-time, context-aware guidance as developers code in pioneering IDEs such as Windsurf by Cognition, Cursor, and GitHub Copilot.
Key acquisition highlights
- Autonomous AppSec: The combined capabilities of Checkmarx’s market-pioneering platform and Tromzo’s reasoning-based agents accelerate the shift toward autonomous application security.
- Talent & Leadership: Tromzo founders and AppSec AI pioneers Harshil Parikh and Harshit Chitalia, along with their engineering team, join Checkmarx to drive the future of agentic AI in AppSec.
- Expanded Checkmarx Assist: Tromzo’s reasoning engine will power new Assist agents beginning in early 2026, advancing enterprise-grade AI-powered security.
Agentic AI security solutions
“We built Tromzo with a singular mission: accelerate remediation of the risks that truly matter,” said Harshil Parikh, co-founder of Tromzo. “Joining Checkmarx, the undisputed pioneer in enterprise AppSec, is the perfect acceleration of that mission. By combining our deep reasoning agents with Checkmarx’s reach, scale, and market leadership, we’re delivering the only solution that lets enterprise security teams move fast with enterprise-grade control.”
Together, Checkmarx and Tromzo will empower enterprises to adopt AI coding tools with confidence, backed by agentic AI security solutions that safeguard every line of code from creation through deployment. Visit the Checkmarx blog to learn more.
