ArmorCode enhances ASPM platform to address AI-generated code threats and CRA compliance
ArmorCode announced application security and remediation advancements to help customers address risks posed by AI-generated code and applications, along with imminent compliance demands from regulations including the Cyber Resilience Act (CRA).
As enterprises adopt AI-generated code, security teams struggle with the unprecedented volume, complexity, and hidden risks this new wave of automated development introduces, including insecure logic, untracked runtime assets, and overwhelming alert fatigue. ArmorCode’s AI capabilities, featuring Anya, are built on a data foundation of over 40 billion processed findings with more than 320 integrations. This enables correlation and accelerated, automated risk remediation across the entire security lifecycle.
Anya’s new AI-driven remediation capabilities, combined with Model Context Protocol (MCP) server enhancements and software supply chain security (SSCS) capabilities, provide the visibility, scale, and automated governance needed to proactively identify, prioritize, and mitigate these emerging risks.
Next-generation AI remediation: Anya and Code Insights unite
ArmorCode combines Anya with enhanced AI remediation capabilities and its proprietary AI Code Insights to deliver contextual, code-specific remediation guidance. By understanding the context of an organization’s code repositories through Code Insights, Anya generates remediation instructions tailored to the specific environment rather than generic fixes.
Security teams and developers can engage Anya in natural conversation to explore remediation options, understand vulnerability impact, and get answers about implementation details, all grounded in data from the broadest available security tool integrations. This delivers an 80% reduction in Mean Time to Remediation (MTTR) through intelligent remediation that’s immediately applicable to an organization’s code, not just theoretically correct.
Model Context Protocol (MCP) server: Contextual security data for AI-powered automation
ArmorCode’s MCP Server provides a standardized interface that enables any MCP-compatible LLM (e.g., Claude, ChatGPT, GitHub Copilot) to programmatically access security data. By implementing Model Context Protocol, ArmorCode makes its unified security intelligence, including vulnerabilities, risk scores, and remediation workflows, available as structured data that LLMs can query and reason over.
When the AI assistant is asked about an organization’s security posture, it pulls real-time data from ArmorCode to ground its responses in actual risk factors. This ensures the AI assistant delivers accurate, context-aware security guidance based on comprehensive AppSec data.
Strengthening software supply chain security (SSCS)
ArmorCode’s software supply chain module provides visibility into component usage across an organization’s portfolio, enriching traditional vulnerability data with quality metrics, security posture assessments, and health indicators to identify risks before they become exploitable vulnerabilities. The platform automates the generation of composite software bills of materials (SBOMs) and supports CRA compliance through integrated Vulnerability Exploitability eXchange (VEX) capabilities. This is critical for any organization selling software in Europe, where CRA mandates vulnerability disclosure and continuous security updates throughout a product’s lifecycle. By uniting proactive component risk assessment with automated compliance reporting, ArmorCode transforms supply chain security from reactive CVE scanning into strategic risk management that addresses both security and regulatory requirements.
“Organizations are rapidly adopting AI code assistants to achieve efficiencies, but the sheer volume and velocity of code being produced creates exponential security risks to manage,” said Mark Lambert, Chief Product Officer of ArmorCode.
“Traditional security approaches can’t keep up with AI-powered development, so AI is needed to scale with AI. That’s why Anya, our agentic virtual security champion, is essential. At ArmorCode, we’re continuously innovating to help security teams harness the power of AI, not just to keep pace but to get ahead. From contextual AI remediation to MCP-enabled LLM integration, we’re accelerating our customers into a future where security scales seamlessly with development. This vision is already being realized within the ArmorCode platform,” Lambert concluded.