Shapefin

ArmorCode Unveils AI-Powered Application Security Enhancements to Address AI-Generated Code Risks and CRA Compliance


ArmorCode, a provider of AI-powered Application Security Posture Management (ASPM), announced new application security and remediation advancements at Black Hat USA 2025 to address risks from AI-generated code and support compliance with regulations such as the Cyber Resilience Act (CRA).

Enterprises are increasingly adopting AI-generated code, which presents security challenges including high volume, complexity, insecure logic, untracked runtime assets, and alert fatigue. ArmorCode’s AI capabilities, featuring Anya, an agentic AI virtual security champion for application security, are built on a data foundation of over 40 billion processed findings and more than 320 integrations. This foundation supports correlation and automated risk remediation across the security lifecycle. Anya’s new AI-driven remediation capabilities, combined with Model Context Protocol (MCP) server enhancements and software supply chain security (SSCS) capabilities, aim to provide the visibility, scale, and automated governance needed to identify, prioritize, and mitigate these emerging risks.

ArmorCode integrates Anya with enhanced AI remediation and its proprietary AI Code Insights to deliver contextual, code-specific remediation guidance. By analyzing an organization’s code repositories through Code Insights, Anya generates remediation instructions tailored to the specific environment. Security teams and developers can interact with Anya through natural language to explore remediation options, understand vulnerability impact, and inquire about implementation details. This approach is designed to reduce Mean Time to Remediation (MTTR) by 80% through intelligent remediation that is applicable to an organization’s code.

The ArmorCode Model Context Protocol (MCP) Server offers a standardized interface, enabling MCP-compatible large language models (LLMs) such as Claude, ChatGPT, and GitHub Copilot to programmatically access security data. By implementing MCP, ArmorCode makes its unified security intelligence, including vulnerabilities, risk scores, and remediation workflows, available as structured data for LLMs to query. This functionality ensures that AI assistants can provide accurate, context-aware security guidance based on real-time AppSec data when queried about an organization’s security posture.

ArmorCode’s software supply chain module provides visibility into component usage across an organization’s portfolio. It enriches traditional vulnerability data with quality metrics, security posture assessments, and health indicators to identify risks proactively. The platform automates the generation of composite software bill of materials (SBOMs) and supports CRA compliance through integrated Vulnerability Exploitability eXchange (VEX) capabilities. This feature is relevant for organizations selling software in Europe, where the CRA mandates vulnerability disclosure and continuous security updates throughout a product’s lifecycle.

Mark Lambert, Chief Product Officer of ArmorCode, stated, “Organizations are rapidly adopting AI code assistants to achieve efficiencies, but the sheer volume and velocity of code being produced creates exponential security risks to manage. Traditional security approaches can’t keep up with AI-powered development, so AI is needed to scale with AI. That’s why Anya, our agentic virtual security champion, is essential. At ArmorCode, we’re continuously innovating to help security teams harness the power of AI, not just to keep pace but to get ahead. From contextual AI remediation to MCP-enabled LLM integration, we’re accelerating our customers into a future where security scales seamlessly with development. This vision is already being realized within the ArmorCode platform.”

These new innovations are currently available in the ArmorCode ASPM Platform and will be showcased live at the Black Hat USA 2025 conference in booth #1461. As a Purple Book Community (PBC) diamond sponsor, ArmorCode will also participate in the PBC Connect – Black Hat event on Wednesday, August 6th. This event brings together security industry leaders and AppSec practitioners for networking and discussions, including how AI is influencing the AppSec landscape and preparing for Cyber Resilience Act deadlines. Further information about ArmorCode’s AI Code Insights and Anya is available at www.armorcode.com/meet-anya.

ArmorCode aims to empower security teams with an independent governance approach to reduce risk and address critical security technical debt. Its AI-powered ASPM Platform, which leverages over 40 billion findings from more than 320 ecosystem integrations, offers a single view of risk across applications, infrastructure, containers, and cloud environments. The platform unifies and normalizes findings, correlates them with business context and threat intelligence through adaptive risk scoring, and orchestrates security workflows for remediation. ArmorCode supports unified visibility, AI-enhanced prioritization, remediation, and scalable automation, enabling customers to gain a comprehensive understanding of risk, respond at scale, and collaborate effectively. Enterprises, including Fortune 1000 companies, use ArmorCode to enhance security effectiveness and maximize ROI on existing security investments by managing Application Security Posture, Risk-Based Vulnerability Management, Software Supply Chain Security, DevSecOps, and Risk & Compliance. More information can be found at www.armorcode.com.
