Checkmarx Launches AI Asset Inventory Feature to Strengthen AI Governance
2026-06-24 08:42

en.Wedoany.com Reported - Checkmarx has announced the general availability of its Checkmarx AI Inventory feature, part of the Checkmarx One platform, designed to provide enterprises with continuous visibility, policy control, and audit-ready AI-BOM documentation for AI components in production environments.

This product launch comes as generative AI is being deployed into production faster than enterprises can manage it. MIT's Project NANDA study found that over 90% of employees in companies frequently use personal AI tools for work. Checkmarx's research also reveals a similar gap in development pipelines: 70% of teams expect to have AI components in production by the end of 2026, but 43% lack formal governance over which components developers can use. When auditors, customers, or regulators ask which AI models are running and where they came from, most teams cannot answer. Traditional SBOMs (Software Bills of Materials), built for tracking software packages, cannot be used to track AI components such as models, agents, and MCP servers.

Ori Bendet, Vice President of Product Management at Checkmarx, stated that security teams are being asked to take responsibility for AI they cannot see; the first step in governing AI is not to set policies, but to understand what is actually running in the code. AI Inventory provides teams with a specific inventory of the AI components in use, traceable back to the exact lines of source code.

Checkmarx AI Inventory is part of the AI supply chain security solution within the Checkmarx One platform, complementing the platform's own hybrid scanning engine. This feature detects AI components through deterministic analysis, with each finding traced to a specific file and line number rather than a confidence score—evidence that holds up under audit scrutiny. From a single platform, teams can catalog models, agents, MCP servers, AI libraries, and SDKs in every repository, updating the inventory with each commit; block unapproved AI components in pull requests and CI/CD pipelines; and generate AI-BOM documents exported in CycloneDX 1.7 format. These documents are versioned and traceable to source code, with requirements mappable to the EU AI Act, NIST AI Risk Management Framework, ISO/IEC 42001, and the EU Cyber Resilience Act.

Enterprises from the financial services, technology, logistics, and retail sectors participated in the early adopter program. Early adopters reported that the feature gave them full visibility into which applications have embedded AI components, helping to discover previously untracked models, verify systems of record, and flag unauthorized or suspicious models for review. Additionally, Checkmarx was named a Leader in the inaugural 2026 Gartner Magic Quadrant for Software Supply Chain Security (authors Aaron Lord, Johnny Walters, Jason Gross, June 17, 2026) and cited as a Representative Vendor in the Gartner Innovation Insight: AI Bill of Materials (AIBOMs) Strengthen AI Governance report (authors Manjunath Bhat, Angela Zhao, Aaron Lord, May 27, 2026).

Checkmarx AI Inventory is now available as part of the AI supply chain security module for Checkmarx One. Checkmarx is an agentic application security company whose Checkmarx One platform scans trillions of lines of code annually.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com