Checkmarx launches AI inventory for enhanced application security

Checkmarx has launched Checkmarx AI Inventory within the Checkmarx One platform, adding visibility and tracking for AI components such as models, agents, MCP servers, and libraries used in software development.

Posted Tuesday, 30th June 2026 by Sophie Milburn

Checkmarx has introduced Checkmarx AI Inventory as part of the Checkmarx One platform. The feature extends existing AI Supply Chain Security capabilities by providing ongoing visibility into AI components used within applications, including models, agents, MCP servers, and libraries.

AI adoption in production environments is increasing quickly, while organisational governance structures are not always keeping pace. Research, including findings from MIT’s Project NANDA, indicates that many employees use personal AI tools at work. In addition, although many development teams expect to deploy AI components by 2026, a substantial proportion currently do not have formal governance processes in place to manage their use.

This gap can create challenges during audits or when responding to customer or regulatory questions about AI model usage. Traditional software tracking methods may not fully address the specific requirements of monitoring AI components.

As part of its AI Supply Chain Security offering, AI Inventory works alongside hybrid scanning engines for Code Security, Runtime Security, and Software Supply Chain Security. It identifies AI components using deterministic analysis and links them to specific files and lines of code to support traceability for audit purposes.

Through a centralised platform, teams can manage AI components across their systems. Key functions include:

  • Mapping and cataloguing AI components such as models and libraries across repositories, with updates applied on each commit
  • Applying policy controls to restrict unapproved AI components from progressing through pull requests and CI/CD pipelines
  • Generating AI-BOM documentation aligned with CycloneDX 1.7 standards for audit and assessment purposes

This inventory is designed to support tracking and documentation of AI components in line with evolving regulatory frameworks such as the EU AI Act and the NIST AI Risk Management Framework.