AI coding agents have transformed software application development, and its risks: they generate a torrent of insecure code at machine speed that is overwhelming legacy application security platforms and processes.
The solution, according to a new report from Forrester Research, is a new generation of agentic development security (ADS) tools capable of addressing this fundamentally new category of application security risk at scale.
The report, The Agentic Development Security Tools Landscape, Q2 2026, identifies ReversingLabs (RL) among the notable vendors in the new ADS category. It arrives as AI coding agents become standard fixtures in enterprise development workflows, spawning code integrity and security problems at a rate that outpaces the developer-oriented application security tools in wide use today.
[ Join the Forrester ADS webinar, featuring analyst Janet Worthington ]
Legacy application security testing (AST) processes, part of the broader trend of shifting security left in the software development lifecycle, fail to fully address the growing range of software supply chain threats that organizations face from open-source and third-party software in modern development practices. AST tools can help identify vulnerability and exposure risk in internally developed code and open-source libraries, but they do not detect third-party software tampering, malware injection, and similar risks: they look for known vulnerabilities and code weaknesses, not for malicious behavior in the packages and binaries being consumed.
AI coding agents operate differently. They generate large volumes of syntactically correct but semantically risky code, and they select third-party dependencies autonomously, or hallucinate them entirely. Compounding those challenges, agents can integrate their code into existing pipelines faster than any human review process can keep up.
The result is code with flaws that are familiar in name but new in scale and origin: hardcoded credentials, missing input validation, insecure dependencies, and hallucinated components — all generated at machine speed and injected into automated delivery pipelines without human oversight.
Organizations rushing to deploy AI agents across their workflows need to realize that the underlying agent stack that governs identity, access, persistence, security, and operational control is more consequential than the particular model chosen.
Addy Osmani, an engineering leader and director at Google Cloud AI, wrote in a recent Substack post that in many environments agents are being granted broad autonomy without the infrastructure needed to properly control, monitor, or audit their behavior. As those systems become more deeply embedded in enterprise operations, weaknesses in the underlying stack can spread from an engineering concern into a broader security, governance, and operational risk.
This aligns with what RL has observed in recent malicious, AI-powered software supply chain campaigns. In the Shai-Hulud and Mini Shai-Hulud attacks, for example, threat actors compromised CI/CD pipelines, poisoned open source dependencies, and exploited the trust that automated pipelines place in published packages.
ADS tools are designed to secure all of it.
Forrester's market definition declares that ADS tools "prevent, detect, prioritize, and remediate security flaws while providing continuous intelligence on the security of code, development workflows, and resulting applications" — specifically for AI-powered software development and delivery.
The report identifies four core use cases buyers are prioritizing:
The widespread adoption of AI for coding is also creating extended use cases as organizations' agentic development matures: affirming AI software supply chain integrity, detecting shadow AI use within the organization, Application Security Posture Management (ASPM) for AI, and policy and regulatory compliance.
RL's Spectra Assure product is one of 35 ADS vendors profiled in Forrester's report. Forrester asked each vendor in the Landscape to select the top use cases for which clients choose them, and from those responses identified the extended use cases that differentiate the vendors. The report shows ReversingLabs as having selected the following extended use cases as the top reasons clients work with it:
These capabilities are on public display in RL's published research. For example, RL researchers recently revealed a malicious supply chain campaign the team dubbed PromptMink, in which a malicious dependency was added to openpaw-graveyard, an open source crypto trading project. An AI coding agent added the malicious package, @validate-sdk/v2, as a dependency; the commit was co-authored by Anthropic's Claude Opus large language model (LLM). The package posed as a routine data validation tool while siphoning sensitive secrets from its host environment, RL found, giving attackers access to users' crypto wallets and funds.
That incident is part of a broader campaign tied to the North Korea-linked group Famous Chollima, which is leveraging AI-generated code and a layered package strategy to evade detection and to deceive automated coding assistants more readily than it does human developers. It is indicative of the kind of sophisticated, AI-powered malicious campaigns that development teams must now contend with.
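The PromptMink commit above, and the flaw classes listed earlier (hardcoded credentials, autonomously selected or hallucinated dependencies), share one intake point: a commit that changes the dependency set and carries an AI co-author trailer. The following is an added example of a pre-merge gate for that intake point. It is not ReversingLabs or Spectra Assure code, and it assumes things the page does not state: that the team keeps an allowlist of vetted package names, that agents identify themselves with git's "Co-authored-by:" trailer, and that the gate sees the commit message and unified diff. The sample commit is constructed for the example, not the real PromptMink commit.

```python
"""Pre-merge intake gate for dependency changes in AI-co-authored commits.
Added example, not ReversingLabs or Spectra Assure code. Assumed (not from the
page): a vetted-package allowlist exists and agents use "Co-authored-by:"."""
import re

TRAILER_RE = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.+?)\s*$")  # "Key: value" trailer line
AI_AUTHOR_RE = re.compile(r"claude|copilot|gpt|gemini|codex|cursor|devin", re.I)  # assumed names
DIFF_HEADER_RE = re.compile(r"^diff --git a/(\S+) b/(\S+)$")
# Dependency map start/end inside a package.json hunk (context, added or removed line).
DEP_BLOCK_RE = re.compile(r'^[ +-]\s*"(?:dev|peer|optional)?[dD]ependencies"\s*:\s*\{')
BLOCK_END_RE = re.compile(r"^[ +-]\s*\}")
# Added manifest line of the form  "name": "range"  (scoped npm names allowed).
DEP_LINE_RE = re.compile(r'^\+\s*"(@?[a-z0-9][\w.-]*(?:/[a-z0-9][\w.-]*)?)"\s*:\s*"[^"]+"')
SECRET_PATTERNS = (
    ("AWS access key id", re.compile(r"AKIA[0-9A-Z]{16}")),
    ("credential literal", re.compile(
        r"(api[_-]?key|secret|token|password)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]", re.I)),
)

def parse_trailers(message: str) -> dict[str, list[str]]:
    """Git trailers from the final paragraph, keyed by lower-cased name."""
    trailers: dict[str, list[str]] = {}
    for line in message.strip().split("\n\n")[-1].splitlines():
        m = TRAILER_RE.match(line)
        if m:
            trailers.setdefault(m.group(1).lower(), []).append(m.group(2))
    return trailers

def is_ai_coauthored(message: str) -> bool:
    coauthors = parse_trailers(message).get("co-authored-by", [])
    return any(AI_AUTHOR_RE.search(name) for name in coauthors)

def added_dependencies(diff: str) -> set[str]:
    """Package names added inside dependency maps of any package.json in the diff."""
    deps: set[str] = set()
    in_manifest = in_deps = False
    for line in diff.splitlines():
        header = DIFF_HEADER_RE.match(line)
        if header:  # new file section: reset state
            in_manifest, in_deps = header.group(2).endswith("package.json"), False
        elif not in_manifest:
            continue
        elif DEP_BLOCK_RE.match(line):
            in_deps = True
        elif BLOCK_END_RE.match(line):
            in_deps = False
        elif in_deps and (m := DEP_LINE_RE.match(line)):
            deps.add(m.group(1))
    return deps

def find_hardcoded_secrets(diff: str) -> list[tuple[str, str]]:
    """(label, added line) for '+' lines that look like embedded credentials."""
    hits = []
    for line in diff.splitlines():
        if line.startswith("+") and not line.startswith("+++"):
            for label, pattern in SECRET_PATTERNS:
                if pattern.search(line):
                    hits.append((label, line[1:].strip()))
                    break
    return hits

def review_commit(message: str, diff: str, allowlist: set[str]) -> dict:
    """Block on unvetted dependencies, embedded secrets, or an AI-co-authored
    change to the dependency set (the last one needs a human reviewer)."""
    new_deps = added_dependencies(diff)
    unapproved = sorted(new_deps - allowlist)
    secrets = find_hardcoded_secrets(diff)
    ai = is_ai_coauthored(message)
    reasons = []
    if unapproved:
        reasons.append(f"dependencies not on the vetted allowlist: {unapproved}")
    if secrets:
        reasons.append(f"{len(secrets)} added line(s) look like hardcoded credentials")
    if ai and new_deps:
        reasons.append("AI co-authored commit changes the dependency set; human review required")
    return {"ai_coauthored": ai, "new_dependencies": sorted(new_deps), "unapproved": unapproved,
            "secrets": secrets, "verdict": "block" if reasons else "allow", "reasons": reasons}

# Constructed sample commit (not the real PromptMink commit): an AI co-author trailer,
# a new scoped dependency, and an API key pasted into source.
SAMPLE_MESSAGE = """Add input validation for order payloads

Co-authored-by: Claude <noreply@example.invalid>
"""
SAMPLE_DIFF = """diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -6,5 +6,6 @@
   "dependencies": {
     "express": "^4.19.2",
+    "@validate-sdk/v2": "^1.0.3",
     "ws": "^8.17.0"
   },
diff --git a/src/orders.js b/src/orders.js
--- a/src/orders.js
+++ b/src/orders.js
@@ -1,3 +1,5 @@
 const express = require("express");
+const { validate } = require("@validate-sdk/v2");
+const EXCHANGE_API_KEY = "sk_live_9f3c1b7a2e4d5f60";  // belongs in a secret store
 const router = express.Router();
"""
VETTED_PACKAGES = {"express", "ws"}  # assumed allowlist maintained by the team

if __name__ == "__main__":
    result = review_commit(SAMPLE_MESSAGE, SAMPLE_DIFF, VETTED_PACKAGES)
    print(result["verdict"], *result["reasons"], sep="\n - ")
```

On the sample commit the gate blocks for all three reasons: the new scoped package is not on the allowlist, an added line carries a credential literal, and an AI co-author changed the dependency set. The allowlist is the load-bearing control here; a name-based gate is only as good as the vetting behind the names on the list, which is where binary and behavioral analysis of the package itself has to come in. The co-author check is a review-routing signal, not a verdict, since a trailer can be omitted or edited.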
One of Forrester's clearest positions in the report: don't be distracted by AI runtime security and AI security posture management tools that emphasize production-stage protection. "Prevention is still best."
This is a point worth reinforcing. A vulnerability discovered in production is a response problem; malicious code that entered your pipeline through a compromised dependency is an intake problem. The distinction matters because the cost, complexity, and impact of remediation all scale with how late in the SDLC a problem is caught.
RL’s approach has always been grounded in this principle. Binary analysis and behavioral detection at the point of intake — before compromised packages reach build systems — is how you stop attacks like Shai-Hulud from becoming incidents.
ADS capabilities are not distant roadmap items. Given the pace at which agentic tooling is being adopted, and the pace at which threat actors are learning to exploit it, organizations that defer building them out are compressing their own response window.
ReversingLabs is named in Forrester's Q2 2026 Agentic Development Security Tools Landscape. Learn how RL's Spectra Assure can help secure your software supply chain in AI agent-fueled development environments.
Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. This report is part of a broader collection of Forrester resources, including interactive models, frameworks, tools, data, and access to analyst guidance. For more information, read about Forrester's objectivity here.