SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Modern corporate soc room with source code graphs and risk heatmaps
#
Application Security
#
DevSecOps
#
Supply Chain

Secure Code Warrior unveils AI code governance tool

Thu, 19th Mar 2026
Author image
By Sofiah Nichole Salivio, News Editor

Secure Code Warrior has launched SCW Trust Agent: AI, a software governance product that records and enforces how AI tools influence code when developers commit changes to a repository.

The company is positioning it as a way for organisations to make AI use in software development visible and attributable, while applying controls before code reaches production.

Trust Agent: AI links specific code commits to specific AI models and connects that AI influence to vulnerability exposure. The goal is to help teams take corrective action earlier in the development lifecycle.

AI code assistants have become part of daily developer workflows. Secure Code Warrior cited Sonar's 2026 State of Code Developer Survey, which found 72% of developers use AI coding tools every day. It also pointed to a Gartner forecast that by the end of this year, at least 80% of unauthorised AI transactions will result from internal policy violations rather than malicious attacks.

In that context, governance has become a core issue for security teams and technology leaders. Many organisations have policies on which AI tools staff can use but struggle to verify compliance in engineering environments. Code reviews also tend to focus on what was written rather than how it was produced.

Commit-level oversight

Trust Agent: AI provides commit-level observability by recording which large language models-both sanctioned tools and so-called shadow AI-influenced specific commits. Secure Code Warrior says the record supports governance and audit requirements without storing source code or prompts.

It also includes what the company calls proprietary security benchmarking for large language models, which it says customers can use to evaluate models and enforce approved AI usage policies based on security performance.

A third capability is model infrastructure discovery. Trust Agent: AI tracks Model Context Protocol servers that are installed and active, providing visibility the company says can help prevent AI agents from accessing internal tools or databases through unvetted connections.

The platform also correlates developer skills and AI usage with vulnerability benchmarks. Secure Code Warrior says it uses a measure it calls the SCW Trust Score to link secure coding skill levels with code risk, and can enforce policy before code reaches production.

Secure Code Warrior also ties the product to training. The platform correlates AI-generated code with contributor skill levels, which it says can trigger relevant training for developers based on observed behaviour.

Security and skills

The rollout comes as security teams try to understand how AI affects software risk. In many organisations, AI-generated code is mixed with human-written code, which can complicate accountability when security issues appear later.

Another concern is tool sprawl. Developers may use multiple AI assistants, some integrated into development environments and others accessed through browser-based interfaces. Organisations also face the prospect of AI agents connecting to internal systems through third-party services or plugins. These patterns make it harder to maintain consistent policies and produce audit evidence.

Secure Code Warrior positions Trust Agent: AI as a way to move from visibility to enforcement within existing development workflows, helping teams assess risk in environments where both humans and AI contribute to code.

"SCW Trust Agent: AI provides organizations the quantitative pathway to effectively measure the risk posture of their development environment in the AI era, whether the contributing 'developer' is human or AI," said Pieter Danhieux, Co-Founder and CEO, Secure Code Warrior.

"Beginning with comprehensive observability and traceability of AI-generated coding, MCP and AI tool usage, SCW Trust Agent: AI creates a foundation for more effective, adaptive learning that hones in with precision on the most relevant areas and fundamentally changes behavior among development teams, offsetting the introduction of AI-enabled vulnerabilities over time," said Danhieux.

Availability

SCW Trust Agent: AI is available to Secure Code Warrior customers.

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
ISACA launches AI risk certification amid governance gap
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack