For most of the last decade, the standard advice in software security was straightforward: catch problems early. Check your code before it ships, run your vulnerability scans before deployment, build security into the development process rather than bolting it on at the end. That principle had a name – Shift Left – and it became the baseline assumption behind most enterprise security tooling.
Cycode’s argument is that Shift Left was designed for a world where humans wrote the code. In the agentic era – where AI coding assistants, autonomous agents and AI-generated code are now part of how enterprise software gets built, writing and deploying at machine speed – the model needs replacing. The result is more code, a wider attack surface and a faster time to exploit.
The company has just launched ADLC Security, a product offering built to secure AI-driven software development across the entire Agentic Development Lifecycle, from the first prompt to runtime. Its stated vision is a self-protecting ADLC: a development environment where security operates with equal autonomy, speed and intelligence as the agents writing the code.
The Dual Problem ADLC Security Addresses
Cycode frames its approach around two sides of the same challenge.
The first is Security for AI: governing and securing the AI layer of the development process itself – which tools developers use, what prompts they run and what code the AI generates. The second is AI for Security: deploying AI agents to automate security work at the speed the agentic era demands. According to Cycode, it’s currently the only vendor addressing both sides of that equation within a single platform.
Lior Levy, Co-Founder and CEO of Cycode, put the underlying argument plainly at launch: “Shift Left is dead. The agentic era requires the Shift to AI. Security cannot stand downstream, bracing against AI. It must evolve with AI and operate in parallel with equal autonomy, speed, and intelligence as the agents writing code and exploits. ADLC Security is how we make that real for our customers.”
Alongside the product launch, Levy published a manifesto titled ‘Shift to AI: A Manifesto for Self-Protecting Software’, setting out the three tenets underpinning Cycode’s approach: Control, Context, and Autonomy.
What ADLC Security Actually Does
ADLC Security is built around four core capabilities. AI Visibility automatically discovers shadow AI tools, coding assistants and Model Context Protocol (MCP) servers across the development environment, giving security teams a clear picture of what AI is actually in use – including unapproved tools that exist outside standard oversight.
AI Governance enforces policy-driven control over which AI tools and models developers can use, with full AI Bill of Materials (AIBOM) coverage for compliance frameworks including SSDF, NIST, SOC2 and ISO 27001. AI Guardrails blocks risky patterns and prompt-leaking secrets in real time at the IDE and command line interface level, stopping unsafe outputs before they enter the codebase. AI Risk Detection scans application code for OWASP LLM Top 10 vulnerabilities – the class of AI-specific security weaknesses that legacy Static Application Security Testing (SAST) tools were not built to identify.
More from Cybersecurity
- Lyrie.ai Deploys Real-Time Zero-Day Tracking Across Global Enterprise Infrastructure
- Part 1: Is This The End Of World Password Day? Experts Weigh In
- Experts Comment: Has The AI Race Made The World Less Safe?
- ShinyHunters Just Hacked Rockstar Through A Supplier – Every Business Using Third-Party Software Should Pay Attention
- Is Vibe Coding Safe Or A Cybersecurity Disaster Waiting To Happen?
- Anthropic Is Taking On Cybersecurity With AI, And It Has Brought Apple and Amazon Along For The Ride
- External Attack Surface Management And Why It Matters For Startups
- SpyCloud’s 2026 Identity Exposure Report Reveals Explosion Of Non-Human Identity Theft
The Platform Architecture
Every signal from ADLC Security feeds into Cycode’s Context Intelligence Graph (CIG), a semantic, relational and temporally-aware layer that powers AI reasoning across the platform. Cycode Maestro, its agentic security orchestration engine, then handles triage, prioritisation, remediation and prevention automatically. The result is a platform that brings together AI Code Security, Software Supply Chain Security, Risk Posture Management and ADLC Security under a single graph and a single agentic engine.
Katie Norton, Research Manager at IDC, noted the significance of the launch: “Agentic development is giving rise to a new paradigm for software delivery – the Agentic Development Life Cycle – and introducing a new risk profile for enterprise security teams. As delivery becomes more automated and autonomous, organisations need security platforms purpose-built for these workflows. Solutions such as Cycode are addressing these requirements by connecting AI governance, application security controls, and remediation capabilities in a single, integrated offering.”
Credentials And Customer Base
Cycode already has a track record in enterprise application security that gives the launch context.
The company was ranked number one for Software Supply Chain Security in Gartner’s 2025 Critical Capabilities for Application Security Testing, recognised as a Leader in the 2025 IDC ASPM MarketScape and named a Leader in the 2025 Frost Radar for Application Security Posture Management across both Innovation and Growth. Its customer base includes global enterprises across finance, retail, manufacturing and software – including multiple Fortune 500 companies.
ADLC Security is generally available now to all Cycode customers. More information and demo requests at cycode.com.
