Checkmarx Buys Tromzo To Advance Agentic Application Security

By Amit Chowdhry • Dec 9, 2025

Checkmarx announced a significant expansion of its agentic application security capabilities with the acquisition of Tromzo, a Silicon Valley startup known for its AI-native autonomous triage and remediation technology.

The deal brings Tromzo’s engineering team, including founders Harshil Parikh and Harshit Chitalia, directly into Checkmarx’s product and engineering organization, marking a significant move in the race to build enterprise-grade autonomous security agents.

The acquisition is positioned as a significant inflection point for the broader AppSec market, as organizations increasingly depend on AI-generated code and face rising volumes of security issues that traditional manual processes cannot handle at scale. Checkmarx said Tromzo’s cognitive architecture and reasoning engine will become an intelligence layer across the Checkmarx One platform and will power new Assist agents starting in early 2026. The company stated that combining its platform with Tromzo’s technology will accelerate the shift toward fully autonomous application security, capable of continuously identifying, reasoning through, and remediating vulnerabilities.

The announcement arrives as enterprises are adopting AI coding tools at unprecedented rates. Checkmarx research cited in the release shows that sixty percent of code is now AI-generated, and nearly all organizations surveyed have experienced breaches linked to vulnerable code. Only a small portion reported having formal governance policies for AI usage, leaving growing gaps in prioritization, oversight, and remediation. The integration of Tromzo aims to address these challenges by providing developers with real-time, context-aware security support through AI-powered virtual security assistants.

Tromzo’s technology analyzes code, deployment artifacts, and business context to determine which risks matter most and provides automated fixes. These capabilities complement the Checkmarx Assist suite, which already includes Developer Assist, an agent that provides developers with guidance directly in IDEs such as Windsurf by Cognition, Cursor, and GitHub Copilot.

The combined organization aims to provide enterprises with an end-to-end autonomous AppSec solution that protects code from creation through deployment by bringing deep reasoning, automated remediation, and enterprise-scale risk modeling into a unified security architecture.

KEY QUOTES

“This acquisition propels Checkmarx forward on our path to redefine AppSec through agentic AI that transforms how enterprises secure all of their code, whether it is existing, human-created, or produced through AI-driven development. By acquiring Tromzo, we are integrating the only platform built on a true cognitive architecture capable of enterprise-grade reasoning. We’re offering an AI-powered virtual security assistant to every developer that understands real risk and automates remediation, moving us closer to a world where code is continuously protected and AI becomes an intelligent partner in security.”

Sandeep Johri, CEO of Checkmarx

“We built Tromzo with a singular mission: accelerate remediation of the risks that truly matter. Joining Checkmarx, the undisputed leader in enterprise AppSec, is the perfect acceleration of that mission. By combining our deep reasoning agents with Checkmarx’s reach, scale, and market leadership, we’re delivering the only solution that lets enterprise security teams move fast with enterprise-grade control.”

Harshil Parikh, Co-Founder of Tromzo