Salt Security has launched Salt Code, a tool designed to enforce security policies inside AI coding assistants. The product extends the company’s Agentic Security Platform into software development workflows.
Salt Code applies internal security and compliance rules at the point where developers generate code with assistants such as Claude Code, Cursor, GitHub Copilot, Windsurf, Codex and Gemini CLI. It is designed to give security teams a single policy layer across code creation, pipeline checks and runtime monitoring.
The launch comes as AI coding assistants account for a growing share of software development in large companies. Salt cited figures showing GitHub Copilot is deployed at 90% of Fortune 100 companies, while GitHub has said AI assistants now generate 46% of code written by developers on its platform.
That growth has heightened concerns about software flaws introduced by machine-generated code. Salt pointed to Veracode research that found 45% of AI-generated code samples for security-sensitive tasks introduced vulnerabilities from the OWASP Top 10, and to analysis from CodeRabbit that found AI pull requests contained 2.74 times more vulnerabilities than human-written ones.
Policy layer
At the centre of the new product is Salt’s Posture Governance Engine, which serves as a common set of policies across different stages of development and deployment. The same policy model can be applied to generated code, control plane settings and runtime behaviour, according to the company.
The tool connects to coding assistants through the Model Context Protocol, an open standard first developed by Anthropic and adopted by several major AI providers. Salt said this approach is intended to let the product work across MCP-compatible assistants and code review workflows rather than tie customers to a single vendor.
Salt Code also includes pre-built policies covering the OWASP API Top 10, MCP Security Top 10, LLM Security Top 10 and OpenAPI or Swagger compliance, alongside support for company-specific rules. In practice, this means security teams can define standards in one place and apply them to developers using different AI tools.
Lifecycle protection
Salt described the product as spanning five stages of the development lifecycle. It begins with discovery of APIs, MCP servers and AI agent integrations across repositories and cloud environments, then applies policy checks during code generation.
These checks extend into CI/CD pipelines, where policy violations can be blocked before software reaches production. The final stages cover monitoring in live environments and feeding findings back into development workflows.
The runtime element draws on Salt’s existing monitoring engine to track APIs, agents and MCP integrations once systems are deployed. The company added that remediation options are designed to turn runtime findings into fixes for developers and AI assistants, though some automation capabilities are due later this year.
Salt said the product is generally available for a broad range of AI coding assistants, including Claude Code, Cursor, GitHub Copilot, Windsurf, Kiro, Codex, Gemini CLI and Antigravity. It also integrates with source control, development and pipeline tools including GitHub, GitLab, Bitbucket, VS Code and other IDEs that support MCP server configuration, as well as major CI/CD platforms.
Workflow integrations with Jira and ServiceNow are also included, allowing findings to be routed into existing ticketing systems used by security and operations teams. Existing customers will receive Salt Code as part of their existing licence, according to the company.
Market pressure
Security vendors have been moving to address the risks linked to AI-assisted software development as adoption rises across large organisations. Traditional static and dynamic testing tools usually analyse code after it has been written, which can make problems more costly to fix if flawed patterns have spread through a project.
Salt is positioning the new product around earlier intervention, arguing that policy enforcement should happen when code is created rather than after it enters testing and deployment. The argument reflects a broader industry push to move security checks closer to developers and their day-to-day tools.
Roey Eliyahu, Chief Executive Officer and Co-founder of Salt Security, said the product is intended to close the gap between rapid AI-driven development and corporate security controls. “AI is writing code quicker than organizations can govern it, whether or not that AI is Claude, Gemini, Copilot, or the next tool a developer downloads tomorrow. Salt Code changes the equation. For the first time, security policy travels with the code itself, from the first prompt through every stage of the pipeline and into runtime. Organisations no longer have to choose between the speed AI enables and the security their enterprise requires,” Eliyahu said.
Christopher M. Steffen, Vice President of Research, Information Security, Risk and Compliance Management at Enterprise Management Associates, said the product adds a code-focused layer to the company’s wider security model. “I repeatedly point organizations toward Salt because the full Agentic Security Graph is genuinely differentiating. Salt Code is the piece that ties it together. With code-level context layered onto runtime behavior, Salt is building a multi-dimensional defense for agentic systems rather than another single-point tool. That’s the direction this market needs to move,” Steffen said.









