Checkmarx gains deep expertise and technology to deliver industry’s first enterprise-grade reasoning and autonomous triage
Checkmarx, the global leader in agentic application security, today announced its acquisition of Tromzo, a pioneer in AI-native autonomous security agents. The deal marks a major leap forward in autonomous AppSec, accelerating the delivery of AI agents that understand real enterprise risk, reason across complex software ecosystems, and remediate continuously with precision. Tromzo’s technology and world-class engineering team will enhance the Checkmarx One platform and expand the Checkmarx Assist family of AI agents.
Tromzo founders Harshil Parikh and Harshit Chitalia, along with their entire AI engineering team, will join Checkmarx’s product and engineering organization. Tromzo’s capabilities are designed to reduce risk while dramatically increasing productivity by helping developers fix security issues with automated remediation and giving engineering managers and AppSec leaders full visibility without slowing down delivery.
AI has fundamentally reshaped software development. According to Checkmarx research, 60% of code is now AI-generated, and 98% of organizations have experienced breaches tied to vulnerable code, even though only 18% report having formal governance policies for AI usage. Manual gating processes cannot keep pace, creating bottlenecks that slow prioritization and remediation and leaving a growing volume of issues to identify and resolve.
“This acquisition propels Checkmarx forward on our path to redefine AppSec through agentic AI that transforms how enterprises secure all of their code, whether it is existing, human-created, or produced through AI-driven development,” said Sandeep Johri, CEO of Checkmarx. “By acquiring Tromzo, we are integrating the only platform built on a true cognitive architecture capable of enterprise-grade reasoning. We’re offering an AI-powered virtual security assistant to every developer that understands real risk and automates remediation, moving us closer to a world where code is continuously protected and AI becomes an intelligent partner in security.”
Built on a cognitive architecture, Tromzo’s agents analyze code, deployment artifacts, and business context to drive high-confidence triage and remediation aligned to enterprise risk models. These capabilities will become a core intelligence layer across Checkmarx One and the Checkmarx Assist family of agents. Earlier this year, Checkmarx released the first of these agents, Developer Assist, which provides developers with real-time, context-aware guidance as developers code in leading IDEs such as Windsurf by Cognition, Cursor, and GitHub Copilot.
Key Acquisition Highlights
Autonomous AppSec: The combined capabilities of Checkmarx’s market-leading platform and Tromzo’s reasoning-based agents accelerate the shift toward autonomous application security.
Talent & Leadership: Tromzo founders and AppSec AI leaders Harshil Parikh and Harshit Chitalia, along with their engineering team, join Checkmarx to drive the future of agentic AI in AppSec.
Expanded Checkmarx Assist: Tromzo’s reasoning engine will power new Assist agents beginning in early 2026, advancing enterprise-grade AI-powered security.
“We built Tromzo with a singular mission: accelerate remediation of the risks that truly matter,” said Harshil Parikh, co-founder of Tromzo. “Joining Checkmarx, the undisputed leader in enterprise AppSec, is the perfect acceleration of that mission. By combining our deep reasoning agents with Checkmarx’s reach, scale, and market leadership, we’re delivering the only solution that lets enterprise security teams move fast with enterprise-grade control.”
Together, Checkmarx and Tromzo will empower enterprises to adopt AI coding tools with confidence, backed by agentic AI security solutions that safeguard every line of code from creation through deployment.
