SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Application Security
#
DevSecOps
#
Supply Chain & Logistics

Cycode unveils AI Teammates & real-time runtime protection

Today
Author image
By Catherine Knowles, Journalist

Cycode has announced the introduction of new AI-powered agents and real-time runtime protection designed to address software supply chain security risks and threat detection.

The company's announcement includes the launch of AI Teammates, a framework of autonomous Agentic AI designed to augment human-led application security. These AI Teammates function as members of a security team, tasked with duties spanning remediation, risk intelligence, and impact analysis, aiming to improve workflows and operational effectiveness for organisations managing application security.

According to Cycode, the need for such capabilities has become more urgent in the wake of recent cyber attacks, including incidents targeting the open-source project tj-actions, which exposed key vulnerabilities stemming from a lack of runtime security enforcement within Continuous Integration/Continuous Deployment (CI/CD) pipelines. Cycode indicates that its solution directly addresses this challenge by providing developers with enhanced runtime protection, guarding the integrity of processes during both build and deployment phases.

The AI Teammates framework is comprised of several purpose-built agents. These include the Risk Intelligence Graph Agent, which leverages the company's Risk Intelligence Graph (RIG) to provide in-depth insights across code repositories, build workflows, secrets, dependencies, cloud assets, and more. Another component, the Change Impact Analysis Agent, monitors code changes across pull requests and identifies material changes that may significantly alter an organisation's risk posture.

For vulnerability management, Cycode offers an Exploitability Agent (SAST & SCA) designed to help security teams and developers discern between theoretical vulnerabilities and those that are genuinely exploitable, thereby helping teams prioritise remediation efforts. The Fix & Remediation Agent goes a step further than merely suggesting solutions, analysing root causes, understanding code context, and proposing fixes matched to the organisation's frameworks, coding standards, and conventions.

Central to these AI Teammates is the Model Context Protocol (MCP), which provides the resources and tools necessary for agents to access organisational context, going beyond isolated files or scan results and allowing AI agents to work with a broader understanding of the application environment.

Roni Gurvich, Head of AI at Cycode, commented on the changing landscape faced by security teams: "As the era of the 10X developer accelerates and 'vibe coding' becomes the norm, security teams are drowning in vulnerabilities they can't keep up with. At Cycode, we believe the answer is smarter, autonomous AI agents that work alongside security teams as teammates identify, prioritize, and fix issues before they become threats."

Alongside the AI initiatives, Cycode has also enhanced its ASPM platform with new runtime protection capabilities. The company's CI/MON runtime memory protection is designed to continuously verify the integrity of processes running within builds and deployments in CI/CD environments. This aims to prevent tampering with developer and build systems, even in scenarios where traditional access controls or secrets management may be compromised.

Lior Levy, CEO of Cycode, highlighted the broader significance of these updates: "The recent surge in sophisticated attacks like tj-actions underscores the urgent need for a paradigm shift in application security. With CI/MON runtime protection and our groundbreaking AI Teammates, we're moving beyond reactive measures to empower organizations to proactively defend their software supply chains. This isn't just about finding vulnerabilities; it's about preventing them from being exploited in the first place, and equipping security teams with intelligent, autonomous tools to operate at the speed of modern development."

The company reports that CI/MON runtime memory protection is currently available to eligible customers via Cycode's Complete ASPM platform. AI Teammates are being introduced in phases to early customers throughout this month, with general availability targeted for June.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Armis offers free access to real-time cyber threat database
Mandiant report finds rise in financially motivated cyber attacks
Veeam report finds 69% of firms hit by ransomware in past year
Rapid7 unveils platform to help SOC teams cut through alert noise
IRONSCALES launches Deepfake Protection to fight phishing surge
Top stories
Phishing attacks thrive on human behaviour, not lack of skill
AI use in enterprises soars but brings surge in cyber risks
Yubico & Solvatten boost digital security & clean water
Datadog acquires Metaplane to boost AI & data observability
Veeam partners with CrowdStrike to boost data resilience & security