News Voir

Checkmarx One Achieves Industry's Highest Scanning Fidelity, Outperforming Both Legacy Tools and AI Models

known in the industry as an F1 score . AI-accelerated development is driving an unprecedented surge in software vulnerabilities, leaving organizations facing a tsunami of risk that no single scanning approach can address alone. 49% of code in production is AI generated and measurably more insecure, and exploit windows collapsing from months to minutes. Organizations need both the precision of deterministic analysis and the reach of AI. To meet this moment, Checkmarx is introducing a new next generation SAST hybrid scanning engine within Checkmarx One. It combines three layers of protection: a deterministic rules-based foundation refined over two decades of enterprise AppSec; a purpose-tuned LLM engine that extends that proven foundation to any language, including AI-generated code and emerging languages; and the new Finding Analysis Engine (FAE), which confirms true positives and suppresses false ones before a single finding reaches a developer. “ No single approach – rules-based or AI – tells the whole story on its own ,” said Sandeep Johri, CEO of Checkmarx . “ Deterministic scanning has earned its place as the precision standard, and AI extends that reach to code the rules were never written for. But neither alone separates the findings that matter from the ones that don't. At today's volumes, that noise is what slows teams down and drives up cost. Checkmarx One’s hybrid engines bring together the best of both in a fundamentally different architecture .” In head-to-head testing across seven real production codebases, Checkmarx One’s hybrid engine achieved an F1 score of 0.64 – more than three times the 0.20 average across competing approaches that Checkmarx evaluated – while reducing false positives by 60%. The result: teams cut through massive findings volumes to high-confidence signals, focus remediation on what is genuinely exploitable, and stay protected as AI-generated code keeps introducing new risk. Key capabilities of the new Checkmarx One hybrid scanning engine include: Finding Analysis Engine (FAE): Reasons over every raw finding, suppressing false positives and confirming true ones – turning raw signals into high-fidelity results teams can act on immediately. Language-agnostic scanning: Extends proven detection to any language, including AI-generated code, emerging languages, and polyglot codebases (applications that combine multiple programming languages) – closing the new gaps that AI coding assistants introduce without sacrificing precision on established ones. Defensible governance: Board-grade evidence of what is exploitable and what has been resolved, anchored to real attackability rather than raw counts – so leaders can make risk decisions. “ AI has handed developers an unprecedented productivity boost, but independent benchmarks show that even the best models produce insecure code in a third to nearly half of cases – and the tools meant to catch it can burn through compute budgets chasing false positives ,” said Jonathan Rende, Chief Product Officer at Checkmarx . “What teams need isn’t just more findings, it’s confidence and predictability: surfacing the vulnerabilities that truly matter, eliminating the noise, and doing it without blowing past budgets. That’s the assurance Checkmarx One now gives every customer – the highest fidelity in the industry, with the economics to match.” Agentic AppSec Unleashed ’26 on June 16, 2026. About Checkmarx Checkmarx is the leader in agentic application security, delivering enterprise-grade protection while lowering engineering costs and accelerating development velocity. The Checkmarx One platform scans trillions of lines of code each year for companies, cutting vulnerability density by more than half. Its autonomous security agents detect and counter AI-driven threats across the SDLC, providing prevention-first protection for legacy, modern, and AI-generated code at enterprise scale. Follow Checkmarx on  X .   For more information: PR@checkmarx.com