42Crunch and GitHub Copilot Bring Deterministic API Security Guardrails to Agentic DevSecOps

Breakthrough integration enables real-time detection and remediation of API vulnerabilities in AI-driven development workflows at machine speed

San Francisco, CA — June 16, 2026 — 42Crunch, the leading API security platform for the agentic era, today announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuously audit, test, remediate and validate API security vulnerabilities directly within AI-assisted development workflows.

Organizations are struggling to secure their growing API landscape in the face of increasing attacks, with AI’s heavy reliance on APIs compounding this problem. Consequently, one of the key areas of attention for security and engineering teams is the security testing of these APIs.

According to William Dupre, VP Analyst with Gartner, “building on the testing capabilities in the managing stage, organizations that optimize their API testing capabilities will utilize specifications to further automate API testing. Various API testing tools can use specifications to run functional and security-focused tests against APIs. These efforts will be automated in the build pipeline to provide immediate feedback to development teams on security vulnerabilities in APIs.” [1]

GitHub CPO, Mario Rodriguez said, “As agentic workflows become the norm, repository creation, pull request activity, and API usage are all accelerating with no evidence of slowing down. On GitHub alone, commits nearly doubled year over year, crossing 1.4 billion per month, plus over 2 billion GitHub Actions minutes a week.
To meet this demand and continue to be the home for all developers (and now their agents), our focus is scaling our underlying systems and improving resilience, security and stability across all of our services, at every layer of the stack.”

As reported last year by Veracode, almost half (45%) of AI-generated code contains known OWASP Top 10 vulnerabilities, and a survey by security consultancy UpGuard revealed that 88% of security leaders admit to incorporating unauthorized AI into their daily workflows.

For APIs, the challenge is particularly acute. APIs have become the operational backbone of modern applications, AI agents, and enterprise systems. As developers increasingly rely on AI coding assistants to generate API specifications, integrations, and application logic, manual security reviews risk becoming the very bottleneck that slows enterprise AI adoption.

“The future of software development isn’t simply AI generating more code. It’s AI generating more code that organizations can trust,” said Jacques Declas, CEO of 42Crunch.

“GitHub Copilot and other AI coding assistants are dramatically increasing development velocity, but they are also exposing a fundamental challenge: human security review cannot scale linearly with AI-generated output. Organizations need deterministic security guardrails that can validate, govern, and remediate API security issues at the same speed AI generates them. The 42Crunch API security testing GitHub Copilot plugin delivers exactly that capability,” continued Declas.

The 42Crunch API Security Testing Plugin for GitHub Copilot addresses this challenge by embedding deterministic API security guardrails directly into the development workflow.

The plugin continuously:

  • Audits OpenAPI specifications when new APIs are defined
  • Detects API security vulnerabilities and governance violations
  • Identifies OWASP API Security Top 10 risks
  • Provides AI-assisted remediation guidance
  • Validates fixes through automated testing
  • Enforces organizational API security standards and policies

By automating API security validation, organizations can ensure that security scales alongside AI-assisted development rather than becoming a downstream review process.

Availability


The 42Crunch API Security Testing Plugin for GitHub Copilot is available immediately:

About 42Crunch
42Crunch is the Agentic DevSecOps security platform for the AI era. As AI agents build and interact with software, APIs have become the control plane and primary risk surface of modern systems. 42Crunch ensures those APIs are continuously validated, governed and secured in real time by embedding quality and security guardrails directly into AI-driven development workflows. Trusted by global enterprises and over 2 million developers, 42Crunch provides the governance layer required to safely scale autonomous software.

[1] Gartner, API Security Maturity Model, 8 January 2026. By: William Dupre. GARTNER is a trademark of Gartner, Inc. and/or its affiliates.

Media Contact
Hugh Carroll
42Crunch
press@42crunch.com
