Scribe Security Launches Agentic AppSec Workflows to Tackle AI-Generated Code Risks

Scribe Security announced the launch of its Agentic Application Security (AppSec) workflows, designed to address the growing risks posed by AI-generated code and complex software supply chains. The new agentic workflows build on Scribe’s evidence-based security platform, extending its capabilities with automated, AI-driven remediation tools.

With the adoption of AI coding assistants such as Copilot, Cursor and other vibe coding tools, which are projected to contribute to more than 50% of production code by 2025, organizations are facing an increase in vulnerabilities, misconfigurations, and insecure dependencies. These issues, if unchecked, can quickly multiply across modern continuous integration and delivery (CI/CD) pipelines.

The Agentic AppSec workflows introduce automated evidence collection, continuous verification, and a set of intelligent agents designed to triage, remediate, and document risks at developer speed. By capturing signed attestations and provenance data at every stage of the software development lifecycle (SDLC), the agentic workflows enable security teams to keep pace with modern application development.

Rubi Arbel, CEO of Scribe Security, said: “Development speed has outpaced traditional security practices. Our new AI agentic workflows, based on networks of agents, provide the ability to mitigate and remediate at scale risks introduced by developers and AI alike.”

The agentic workflows are built around Scribe’s existing continuous assurance platform, enhanced with specialized AI-driven networks of agents that work from a unified, tamper-proof knowledge graph of the SDLC. ScribeHub features include:

  • Automated Evidence Collection: Integration with repositories, build systems, and registries to collect SBOMs, scanner outputs, and pipeline metadata.

  • Provenance Verification: Signed attestations and in-toto/SLSA provenance records at each development stage.

  • Knowledge Graph: A searchable, encrypted graph database linking artifacts, policies, identities, and actions.

  • Policy-as-Code Guardrails: Automated enforcement of organizational and regulatory security requirements.

  • Agentic AI Workflows:

      • Heyman – contextual triage and coordination through a conversational interface.

      • Remus – generation of secure pull requests for vulnerable code and configurations.

      • Docktor – automated analysis and hardening of Dockerfiles.

      • Compy – mapping of evidence to compliance frameworks such as SLSA, SSDF, FedRAMP, PCI, and CRA.

      • Eva – continuous assurance that evidence is collected and signed across the SDLC.

Global cybersecurity spending is forecast to grow from $262 billion in 2025 to more than $350 billion by 2030, with supply chain security identified as a top investment area. Regulatory frameworks in the United States, Europe, and Japan are increasingly mandating software transparency, including Software Bills of Materials (SBOMs) and verifiable provenance records.

The Scribe framework is designed to help organizations meet these requirements without slowing down development. By integrating evidence collection and compliance mapping into standard workflows, companies can reduce audit preparation times, improve remediation speed, and maintain consistent release cadences.

Arbel added: “AI-generated automatic fixes work well when tied to verified evidence and based on context. By augmenting AppSec and DevOps teams with AI agentic workflows that do the heavy lifting for them at scale, such as automated remediation, we allow AppSec to keep pace with AppDev.”

Outcomes for Security and Development Teams

Early deployments of Scribe’s platform have reported:

  • A reduction in non-actionable alerts by up to 70% through contextual triage.

  • Audit preparation times shortened by more than 60% via continuously generated, signed reports.

  • Mean time to remediation cut from weeks to hours for recurring findings such as dependency updates and configuration corrections.

By embedding security controls within the development lifecycle, the framework supports both Chief Information Security Officers (CISOs) under regulatory pressure and developers who need to ship software quickly without bypassing controls.

About Scribe Security

Scribe Security is a software supply chain security company headquartered in Tel Aviv, Israel. Founded by veterans of the Israeli cybersecurity ecosystem, Scribe provides an evidence-based security platform that protects code, pipelines, and deployments from tampering and compliance failures. Its platform integrates with major development tools and cloud environments, enabling organizations to implement continuous assurance through automated evidence collection, provenance verification, and AI-driven remediation.

Contact Info:
Name: Marina Rodin
Organization: Scribe Security
Website: https://scribesecurity.com

Release ID: 89171933
