Cycode launches agentic development lifecycle security

Cycode has launched Agentic Development Lifecycle Security, expanding its software security platform into AI-driven software development.

The new offering is designed to address risks linked to coding assistants, autonomous agents and AI-generated code. It covers the development process from prompt to runtime and adds controls over the AI tools used within software teams.

The launch reflects a wider shift in software development as AI systems take on more of the work of writing, testing and deploying code. That change is also creating new openings for attackers, who are using AI to find and exploit weaknesses faster than older security processes were built to handle.

Cycode groups its approach into four areas: visibility, governance, guardrails and risk detection. The system can identify unapproved AI tools and Model Context Protocol servers in development environments, apply policy controls to AI models and generated code, block prompts that expose secrets, and scan code for vulnerabilities linked to large language models.

Those signals also feed into Cycode's wider platform, which uses a context graph and orchestration engine to prioritise and remediate security issues. Cycode argues that security teams now need systems that work alongside AI-assisted development rather than relying on checks late in the software process.

Industry analysts have pointed to the same shift. "Agentic development is giving rise to a new paradigm for software delivery, the Agentic Development Life Cycle, and introducing a new risk profile for enterprise security teams," said Katie Norton, Research Manager at IDC. "As delivery becomes more automated and autonomous, organizations need security platforms purpose-built for these workflows. Solutions such as Cycode are addressing these requirements by connecting AI governance, application security controls, and remediation capabilities in a single, integrated offering."

Broader platform

The launch adds a new layer to Cycode's existing platform, which already combines AI code security, software supply chain security and risk posture management. It described the new product as part of a broader model that brings those functions together in a single system for monitoring and response.

Cycode framed that as a response to the spread of AI across development teams, where code can now be generated and deployed at machine speed. In that environment, traditional static testing tools may miss AI-specific flaws, including weaknesses described in the OWASP Top 10 for large language model applications.

One practical focus is governance. Organisations adopting AI coding tools are increasingly concerned about unauthorised use, data leakage in prompts and the provenance of generated code. Cycode said its system includes what it calls an AI Bill of Materials to help customers track the models and tools used in development and support compliance work tied to frameworks such as SSDF, NIST, SOC2 and ISO 27001.

Market pressure

The launch comes as security suppliers compete to define how application security should adapt to AI-assisted development. Vendors across the sector are adding products aimed at both securing AI systems and using AI to automate security work, while Cycode says it addresses both parts of that market in a single platform.

Cycode has also sought to build momentum through analyst recognition. It said Gartner ranked it first for software supply chain security in the 2025 Critical Capabilities for Application Security Testing report, while IDC named it a Leader in the 2025 ASPM MarketScape and Frost & Sullivan named it a Leader in the 2025 Frost Radar for Application Security Posture Management.

Lior Levy, Cycode's co-founder and chief executive, set out the company's position in direct terms. "Shift Left is dead. The agentic era requires the Shift to AI. Security cannot stand downstream, bracing against AI. It must evolve with AI and operate in parallel with equal autonomy, speed, and intelligence as the agents writing code and exploits," he said. "ADLC Security is how we make that real for our customers. We control the agent before the agent shapes the code and then actively adapt to emerging risks to prevent them. That is what the agentic era demands."

Cycode said the product is now generally available.