Checkmarx, a global leader in agentic application security, announced its acquisition of Tromzo, a Silicon Valley-based pioneer in AI-native autonomous security agents, marking a significant step towards accelerating the delivery of AI agents that understand enterprise risk and automate remediation.
The acquisition is designed to enhance the Checkmarx One platform and expand the Checkmarx Assist family of AI agents. Tromzo’s technology and its engineering team, including founders Harshil Parikh and Harshit Chitalia, will integrate into Checkmarx’s product and engineering organization, contributing to advancements in application security.
Tromzo’s capabilities are developed to mitigate risk and improve productivity by facilitating the automated remediation of security issues for developers. This also provides engineering managers and AppSec leaders with comprehensive visibility without impeding delivery timelines.
The landscape of software development has been significantly reshaped by artificial intelligence. According to Checkmarx research, AI now generates 60% of code, and 98% of organizations have experienced security breaches linked to vulnerable code. Despite this, only 18% report having formal governance policies for AI usage. Manual security processes often struggle to keep pace, creating bottlenecks in prioritization and remediation, which results in a growing volume of unresolved security issues.
Sandeep Johri, CEO of Checkmarx, stated, “This acquisition propels Checkmarx forward on our path to redefine AppSec through agentic AI that transforms how enterprises secure all of their code, whether it is existing, human-created, or produced through AI-driven development.” He added that integrating Tromzo’s platform, built on a cognitive architecture capable of enterprise-grade reasoning, will offer an AI-powered virtual security assistant to every developer, automating remediation and moving closer to continuous code protection with AI as an intelligent security partner.
Tromzo’s agents, built on a cognitive architecture, analyze code, deployment artifacts, and business context to facilitate high-confidence triage and remediation aligned with enterprise risk models. These capabilities are slated to become a core intelligence layer across the Checkmarx One platform and the Checkmarx Assist family of agents. Checkmarx previously released Developer Assist earlier this year, providing real-time, context-aware guidance within leading IDEs such as Windsurf by Cognition, Cursor, and GitHub Copilot. New Assist agents, powered by Tromzo’s reasoning engine, are anticipated to launch in early 2026.
Harshil Parikh, co-founder of Tromzo, commented, “We built Tromzo with a singular mission: accelerate remediation of the risks that truly matter.” He noted that joining Checkmarx offers an ideal acceleration of that mission, combining deep reasoning agents with Checkmarx’s market leadership to deliver a solution that enables enterprise security teams to move swiftly with enterprise-grade control.
The combined efforts of Checkmarx and Tromzo aim to enable enterprises to confidently adopt AI coding tools, supported by agentic AI security solutions designed to safeguard every line of code from its creation through deployment.
