CIO Influence

42Crunch and GitHub Copilot Bring Deterministic API Security Guardrails to Agentic DevSecOps


New API Security Testing Plugin Enables Enterprises to Secure AI-Generated APIs at Machine Speed

42Crunch, the leading API security platform for the agentic era, announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuously audit, test, remediate and validate API security vulnerabilities directly within AI-assisted development workflows.


As agentic workflows become the norm, repository creation, pull request activity, and API usage are all accelerating. On GitHub alone, commits nearly doubled year over year, crossing 1.4 billion per month, plus over 2 billion GitHub Actions minutes a week.

Organizations are struggling to secure their growing API landscape in the face of increasing attacks, with AI’s heavy reliance on APIs compounding this problem. Consequently, one of the key areas of attention for security and engineering teams is the security testing of these APIs.

According to William Dupre, VP Analyst with Gartner®, “building on the testing capabilities in the managing stage, organizations that optimize their API testing capabilities will utilize specifications to further automate API testing. Various API testing tools can use specifications to run functional and security-focused tests against APIs. These efforts will be automated in the build pipeline to provide immediate feedback to development teams on security vulnerabilities in APIs.”1

GitHub CPO Mario Rodriguez said, “As agentic workflows become the norm, repository creation, pull request activity, and API usage are all accelerating with no evidence of slowing down. On GitHub alone, commits nearly doubled year over year, crossing 1.4 billion per month, plus over 2 billion GitHub Actions minutes a week.

“To meet this demand and continue to be the home for all developers (and now their agents), our focus is scaling our underlying systems and improving resilience, security and stability across all of our services, at every layer of the stack.”

As reported last year by Veracode, almost half (45%) of AI-generated code contains known OWASP Top 10 vulnerabilities, and a survey by security consultancy UpGuard revealed that 88% of security leaders admit to incorporating unauthorized AI into their daily workflows.

For APIs, the challenge is particularly acute. APIs have become the operational backbone of modern applications, AI agents, and enterprise systems. As developers increasingly rely on AI coding assistants to generate API specifications, integrations, and application logic, manual security reviews risk becoming the very bottleneck that slows enterprise AI adoption.

“The future of software development isn’t simply AI generating more code. It’s AI generating more code that organizations can trust,” said Jacques Declas, CEO of 42Crunch.

“GitHub Copilot and other AI coding assistants are dramatically increasing development velocity, but they are also exposing a fundamental challenge: human security review cannot scale linearly with AI-generated output. Organizations need deterministic security guardrails that can validate, govern, and remediate API security issues at the same speed AI generates them. The 42Crunch API security testing GitHub Copilot plugin delivers exactly that capability,” continued Declas.

The 42Crunch API Security Testing Plugin for GitHub Copilot addresses this challenge by embedding deterministic API security guardrails directly into the development workflow.

The plugin continuously:

  • Audits OpenAPI specifications when new APIs are defined
  • Detects API security vulnerabilities and governance violations
  • Identifies OWASP API Security Top 10 risks
  • Provides AI-assisted remediation guidance
  • Validates fixes through automated testing
  • Enforces organizational API security standards and policies

By automating API security validation, organizations can ensure that security scales alongside AI-assisted development rather than becoming a downstream review process.
