Cycode, the Complete Application Security Posture Management (ASPM) platform, today announced two major advancements to proactively defend against software supply chain threats and the ever-expanding attack surface: real-time runtime protection via CI/MON memory integrity monitoring, and the launch of a first-of-its-kind Application Security Agentic AI framework known as AI Teammates. These innovations mark a significant leap in the industry’s ability to detect, prevent, and respond to sophisticated attacks like the recent tj-actions-style breaches that compromised CI/CD infrastructure and developer credentials.
From Copilot to Crew: Meet Your AI Teammates
Cycode is introducing AI Teammates—a new generation of Agentic AI that augments human-led application security with action-oriented agents for the most common and high-impact workflows. Where previous AI integrations focused on copilots and assistants, Cycode’s AI Teammates operate like members of your security crew: informed, autonomous, and able to carry out tasks across detection, prioritization, and remediation.
The first cohort of Cycode AI Teammates includes:
Risk Intelligence Graph Agent – The agent taps directly into Cycode’s Risk Intelligence Graph (RIG) to provide hard-to-find answers across code repositories, build workflows, secrets, dependencies, cloud assets, and more.
Change Impact Analysis Agent – Monitors code changes across pull requests and detects material changes that significantly alter risk posture.
Exploitability Agent (SAST & SCA) – Enables security teams and developers to distinguish between theoretical vulnerabilities and truly exploitable ones that are buried in scan results.
Fix & Remediation Agent – Goes beyond “suggesting a fix” and instead analyzes the root cause, understands the surrounding context, and proposes code fixes that match your frameworks, coding patterns, and even variable naming.
Model Context Protocol (MCP) – The resource and tools layer that equips the AI Teammates with the data and capabilities needed to perform their goal. It enables every teammate to reason with full organizational context, not just isolated files or scan results. Think of it as the “operating system” for your AI teammates.
“As the era of the 10X developer accelerates and ‘vibe coding’ becomes the norm, security teams are drowning in vulnerabilities they can’t keep up with. At Cycode, we believe the answer is smarter, autonomous AI agents that work alongside security teams as teammates identify, prioritize, and fix issues before they become threats,” said Roni Gurvich, Head of AI at Cycode.
Preventing the Next Wave of Supply Chain Breaches with CI/MON Runtime Protection
Recent attacks like those targeting tj-actions have exposed critical vulnerabilities in the modern software supply chain: the lack of runtime security enforcement inside the CI/CD pipeline. In response, Cycode has strengthened its Complete ASPM platform with additions to CI/MON with runtime memory protection. This capability continuously verifies the integrity of processes running during builds and deployments—ensuring developers and build systems cannot be tampered with, even when traditional access controls or secrets management fail.
“The recent surge in sophisticated attacks like tj-actions underscores the urgent need for a paradigm shift in application security,” says Lior Levy, CEO of Cycode. “With CI/MON runtime protection and our groundbreaking AI Teammates, we’re moving beyond reactive measures to empower organizations to proactively defend their software supply chains. This isn’t just about finding vulnerabilities; it’s about preventing them from being exploited in the first place, and equipping security teams with intelligent, autonomous tools to operate at the speed of modern development.”
Availability
CI/MON runtime memory protection is available today via Cycode’s Complete ASPM platform for all eligible customers. AI Teammates are rolling out in phased releases with early customers beginning this month, with general availability expected by June of this year.
About Cycode
Cycode’s Complete ASPM provides security and development teams with complete visibility and actionable context to identify, prioritize, and fix the application risks that matter. Its high-fidelity context comes through its own proprietary scanners, complemented by its open platform integrating third-party tools for a holistic view of your security posture. It’s the only ASPM solution that can go from ‘instant on’ risk detection, to contextualizing risk through Change Impact Analysis (CIA), and streamlining remediation — so you can eliminate visibility gaps, fix faster, and reduce costs from the start.
Backed by tier–one investors Insight Partners and YL Ventures, the series–B company has raised $80 million and boasts a number of the top global Fortune 100 customers
