Salt Code enforces security policies in AI coding tools


Salt Security has launched Salt Code, a tool designed to enforce security policies inside AI coding assistants. The product extends the company’s Agentic Security Platform into software development workflows.

Salt Code applies internal security and compliance rules at the point where developers generate code with assistants such as Claude Code, Cursor, GitHub Copilot, Windsurf, Codex and Gemini CLI. It’s designed to give security teams a single policy layer across code creation, pipeline checks and runtime monitoring.

The launch comes as AI coding assistants account for a growing share of software development in large companies. Salt cited figures showing GitHub Copilot is deployed at 90% of Fortune 100 companies, while GitHub has said AI assistants now generate 46% of code written by developers on its platform.

That growth has heightened concerns about software flaws introduced by machine-generated code. Salt pointed to Veracode research that found 45% of AI-generated code samples for security-sensitive tasks introduced vulnerabilities from the OWASP Top 10, and to analysis from CodeRabbit that found AI pull requests contained 2.74 times more vulnerabilities than human-written ones.

Policy layer

At the centre of the new product is Salt’s Posture Governance Engine, which serves as a common set of policies across different stages of development and deployment. The same policy model can be applied to generated code, control plane settings and runtime behaviour, according to the company.

The tool connects to coding assistants through the Model Context Protocol, an open standard first developed by Anthropic and adopted by several major AI providers. Salt said this approach is intended to let the product work across MCP-compatible assistants and code review workflows rather than tie customers to a single vendor.

Salt Code also includes pre-built policies covering the OWASP API Top 10, MCP Security Top 10, LLM Security Top 10 and OpenAPI or Swagger compliance, alongside support for company-specific rules. In practice, this means security teams can define standards in one place and apply them to developers using different AI tools.

Lifecycle coverage

Salt described the product as spanning five stages of the development lifecycle. It begins with discovery of APIs, MCP servers and AI agent integrations across repositories and cloud environments, then applies policy checks during code generation.

These checks extend into CI/CD pipelines, where policy violations can be blocked before software reaches production. The final stages cover monitoring in live environments and feeding findings back into development workflows.

The runtime element draws on Salt’s existing monitoring engine to track APIs, agents and MCP integrations once systems are deployed. The company added that remediation options are designed to turn runtime findings into fixes for developers and AI assistants, although some automation capabilities are due later this year.

Salt said the product is generally available for a broad range of AI coding assistants, including Claude Code, Cursor, GitHub Copilot, Windsurf, Kiro, Codex, Gemini CLI and Antigravity. It also integrates with source control, development and pipeline tools including GitHub, GitLab, Bitbucket, VS Code and other IDEs that support MCP server configuration, as well as major CI/CD platforms.

Workflow integrations with Jira and ServiceNow are also included, allowing findings to be routed into existing ticketing systems used by security and operations teams. Existing customers will receive Salt Code as part of their existing licence, according to the company.

Market pressure

Security vendors have been moving to address the risks linked to AI-assisted software development as adoption rises across large organisations. Traditional static and dynamic testing tools usually analyse code after it has been written, which can make problems more costly to fix if flawed patterns have spread through a project.

Salt is positioning the new product around earlier intervention, arguing that policy enforcement should happen when code is created rather than after it enters testing and deployment. The argument reflects a broader industry push to move security checks closer to developers and their day-to-day tools.

Roey Eliyahu, Chief Executive Officer and Co-founder of Salt Security, said the product is intended to close the gap between rapid AI-driven development and corporate security controls. “AI is writing code quicker than organizations can govern it, whether that AI is Claude, Gemini, Copilot, or the next tool a developer downloads tomorrow. Salt Code changes the equation. For the first time, security policy travels with the code itself, from the first prompt through every stage of the pipeline and into runtime. Organisations no longer have to choose between the speed AI enables and the security their business requires,” Eliyahu said.

Christopher M. Steffen, Vice President of Research, Information Security, Risk and Compliance Management at Enterprise Management Associates, said the product adds a code-focused layer to the company’s wider security model. “I often point organizations towards Salt because the full Agentic Security Graph is genuinely differentiating. Salt Code is the piece that ties it together. With code-level context layered onto runtime behavior, Salt is building a multi-dimensional defense for agentic systems rather than another single-point tool. That’s the direction this market needs to move,” Steffen said.