Secure Code Warrior unveils AI tool to govern code risk
Secure Code Warrior has launched SCW Trust Agent: AI, a software governance product that tracks the use of AI coding tools in development and links that usage to software risk when developers commit code.
The product is positioned as a way for organisations to identify which AI models influenced specific code changes and to apply policy controls before code moves further along the delivery pipeline. It also aims to connect AI-influenced changes to vulnerability exposure so teams can intervene earlier.
AI coding assistants have moved from trial deployments to everyday use in many engineering teams. Sonar's 2026 State of Code Developer Survey found 72% of developers use AI coding tools daily. Security and compliance teams worry that faster development cycles can reduce visibility into how code is produced and reviewed, particularly when developers use tools outside approved lists.
SCW Trust Agent: AI is designed as a governance layer within established developer workflows, with visibility and enforcement focused at commit, the point when a developer records a change into version control. Commit is increasingly seen as a practical control point because it creates a durable, auditable record and can serve as a gate before changes are merged into shared branches.
Another driver is the risk of internal policy breaches linked to unsanctioned AI use. Gartner has predicted that by the end of this year, at least 80% of unauthorised AI transactions will result from internal policy violations rather than malicious attacks. That expectation has increased attention on monitoring and controls inside day-to-day employee tools, including software development environments.
SCW Trust Agent: AI records which large language models influenced specific commits. It covers sanctioned models as well as what Secure Code Warrior describes as "Shadow AI" tools that teams may adopt without formal approval. The company says the product supports governance and audit requirements without storing source code or prompts.
Policy controls
The product includes a model assessment component based on Secure Code Warrior's benchmarking data. The data is intended to compare model security and provide a basis for setting approved-use policies, including decisions about which AI tools can be used within development workflows.
A second technical component tracks Model Context Protocol (MCP) servers, which connect AI tools to external systems and data sources. Trust Agent: AI tracks which MCP servers are installed and active, aiming to reduce the risk of AI agents connecting to sensitive internal tools or data sources through unvetted integrations.
The governance approach also extends to risk correlation at commit. The product links AI usage with vulnerability benchmarks and developer skill signals, as measured by Secure Code Warrior's SCW Trust Score. This is intended to support a risk rating and enable policy enforcement before code reaches production.
Secure Code Warrior also highlights an adaptive learning element that correlates AI-generated code with contributors' secure coding skill, then directs training content based on observed risks. The aim is to improve secure coding behaviour across both human-written and AI-influenced code.
"SCW Trust Agent: AI provides organisations the quantitative pathway to effectively measure the risk posture of their development environment in the AI era, whether the contributing 'developer' is human or AI," said Pieter Danhieux, co-founder and CEO of Secure Code Warrior.
More broadly, the company argues that visibility alone does not solve the governance problem. It is emphasising a combination of traceability, policy enforcement, and training signals, with commit as a control point that is close to developer behaviour and still early in the software delivery lifecycle.
"Beginning with comprehensive observability and traceability of AI-generated coding, MCP and AI tool usage, SCW Trust Agent: AI creates a foundation for more effective, adaptive learning that hones in with precision on the most relevant areas and fundamentally changes behaviour among development teams, offsetting the introduction of AI-enabled vulnerabilities over time," said Danhieux.
SCW Trust Agent: AI is available now for Secure Code Warrior customers. It is aimed at organisations seeking stronger oversight of AI-assisted software development and clearer measurement of how AI tooling choices affect security outcomes in production systems.