Apiiro Named a Leader in the Gartner® Magic Quadrant™ for Software Supply Chain Security
NEW YORK, June 22, 2026 (GLOBE NEWSWIRE) -- Apiiro, the Guardian Agent acting as the control plane for Agentic Development Security, today announced that it has been named a Leader in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security. The recognition marks Apiiro’s second Gartner Magic Quadrant placement and, in our view, reflects a decisive market shift toward securing agentic development by seamlessly preventing coding agents from generating risk before vulnerable or non-compliant code and artifacts ever exist.
Every era of security has had a perimeter, and every era has watched that perimeter move from the network to the endpoint to the cloud to the browser. Now, the perimeter is moving again to coding agents.
A Perfect Storm Is Reshaping Agentic Development Security
While coding agents may write more code, they do not eliminate risk – they shift it and expand it. They introduce more complex business logic, architectural, and compliance risks into code, while creating a new attack surface that targets the software supply chain.
This calls for an industry-wide shift from detecting risk after code and artifacts are created to preventing risk before code and artifacts are created and blocking vulnerable supply chain components.
Two forces are converging to redefine how enterprises design, develop, and deliver secure software in the agentic era. Each one breaks the assumptions that traditional, detection-first AppSec was built on.
The first storm, the “Claude-Storm,” is driven by the explosive adoption of multiple AI coding agents across the enterprise. Claude Code, Cursor, GitHub Copilot, and others now design, write, test, and deploy code to production, producing 5x more code and 10x more risk. At the same time, AI coding agents themselves have become part of the attack surface and prime targets for software supply chain attacks – from poisoned Jira tickets or GitHub issues that shift attacks into the design phase, to malicious skills, vulnerable MCP servers, and compromised extensions.
The second storm, the “Mythos-Storm,” is the rise of offensive AI agents that can discover and exploit vulnerabilities 20x faster than human attackers, compressing the window between when a vulnerability is introduced and when it can be exploited.
Together, they form a perfect storm: coding agents become prime targets, more code and more risk pour in from agentic development, and offensive agents race to exploit it faster than humans can fix it.
On top of these two storms, two trends make the urgency even greater. First, coding agents are moving from local IDEs to cloud-hosted environments, making endpoint controls insufficient. Second, agentic development is shifting from simple prompting to autonomous execution from specs, making the design phase a target for attackers and making pull-request review too late and too slow to serve as the primary gate.
“This perfect storm makes coding agents every attacker’s dream. Every Fortune 500 enterprise we work with has adopted AI coding agents at scale. Those agents are now producing far more code - and far more risk - than any scan-and-triage workflow was ever designed to handle, while offensive AI agents race to exploit vulnerabilities faster than humans can fix them,” said Idan Plotnik, Co-Founder and CEO of Apiiro. “The software supply chain is under threat from AI-generated code across internal packages, open source, secrets, and third-party components. You don’t weather that storm by scanning with more tools. Apiiro Guardian Agent governs coding agents and prevents vulnerable, non-compliant code before it is generated.”
Apiiro Guardian Agent
The Guardian Agent is the control plane for Agentic Development Security. Apiiro Guardian is the AI AppSec Agent that helps CISOs secure everything in the agentic development era. It provides a single security platform to govern and protect multiple AI coding agents – Claude, Gemini, Cursor, and homegrown alike – integrates with the AppSec tools and processes you already run, and progressively consolidates them to reduce risk and cost, and meet compliance at AI speed.
Guardian delivers this through:
The complimentary Gartner Magic Quadrant for Software Supply Chain Security is available here. To see how Apiiro Guardian Agent governs AI coding agents and prevents vulnerable, non-compliant code before it's ever generated, schedule a demo or email guardian@apiiro.com.
Supporting Resources
Gartner, Magic Quadrant for Application Security Testing, Jason Gross, Mark Horvath, et al., 6 October 2025.
Gartner, Magic Quadrant for Software Supply Chain Security, Aaron Lord, Johnny Walters, Jason Gross, 17 June 2026.
Gartner and Magic Quadrant are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Apiiro.
About Apiiro
Apiiro Guardian Agent is the control plane for Agentic Development Security. It helps CISOs reduce risk, reduce costs, and meet compliance by seamlessly governing AI coding agents and preventing them from generating vulnerable or non-compliant code before it exists.
Fortune 500 companies, including BlackRock, TIAA, USAA, Bloomberg, SoFi, and Shell, rely on Apiiro’s patented Deep Code Analysis technology to continuously discover, inventory, and visualize their software architecture graph from code to runtime. This enables automated risk assessment, detection, prioritization, and prevention at enterprise scale.
Media Contact:
Bianca Robles
Offleash PR for Apiiro
apiiro@offleashpr.com