New AI code compliance suite delivers organization-wide governance for AI-generated code and smart, context-aware code reviews, bridging the gap between development speed, security and compliance.
LISBON, Portugal, Dec. 4, 2025 /PRNewswire-PRWeb/ -- Codacy, the leading automated security and code quality platform, today announced the launch of two major capabilities designed to secure the modern, AI-accelerated software development lifecycle: the AI Risk Hub and the AI Reviewer.
With the widespread adoption of Generative AI, engineering teams face a new "Wild West" of coding tool adoption. Used by 77.9% of developers to accelerate delivery, AI coding agents are trained on source code that is often outdated and prone to security risks. This surge has introduced a "Speed Trap": a paradox where faster coding leads to increased exposure to hardcoded secrets, insecure dependencies, and novel threats like invisible unicode injections.
Codacy's new release addresses this paradox head-on, offering engineering leaders and developers the controls they need to govern AI usage without slowing down innovation.
Introducing the AI Risk Hub: Governance for the GenAI Era
The AI Risk Hub serves as a centralized governance suite for security, engineering and compliance leaders alike. It allows organizations to define, enforce, and monitor AI policies across every dev team and code repository.
"We are seeing a massive shift where developers are frustrated by 'almost right' AI solutions that require time-consuming debugging," said Jaime, CEO at Codacy. "The AI Risk Hub provides the missing layer of traceability and standardization. It ensures that while developers leverage AI for speed, the organization remains protected against the unique vulnerabilities AI introduces."
Key capabilities of the AI Risk Hub include:
- Unified AI Policies: A curated ruleset to prevent risks inherent to AI code, including unapproved model calls, insecure dependencies, and "AI Safety" checks for patterns like invisible unicode attacks.
- AI Risk Score: An organization-wide metric based on a checklist of seven essential protection layers, including protected Pull Requests (PRs), enforced gates, and daily vulnerability scans (SCA).
- AI Risk Checklist: A practical, downloadable guide based on the OWASP LLM Governance Checklist 2025 and Codacy's AI Risk Report, designed to help organizations validate AI security across legal, operational, and technical areas.
The Codacy AI Reviewer: Smarter, Faster Feedback
While the Risk Hub secures the perimeter, the new Codacy AI Reviewer transforms the developer experience when coding with AI. Recognizing that static analysis alone cannot catch context and logic gaps in AI-generated code, the AI Reviewer combines the reliability of rule-based, deterministic analysis with the contextual understanding of Large Language Models (LLMs).
By analyzing source code and PR metadata, the AI Reviewer understands business intent versus technical outcome. It reduces "alert fatigue" and "slop reviews" by providing deep, context-aware feedback that catches logic errors which conventional scanners, and human reviewers, often miss.
Availability
The AI Risk Hub is available immediately to all organizations subscribed to the Codacy Business plan. The AI Reviewer is available to both Team and Business plan customers. To learn more, visit https://blog.codacy.com/codacys-new-ai-risk-hub-and-ai-reviewer-bring-order-to-the-wild-west-of-ai-code-compliance.
About Codacy
Codacy is the leading automated code review platform that helps engineering teams save time and ship secure, high-quality software fast. Trusted by over 15,000 organizations globally, Codacy provides end-to-end security and code quality analysis to ensure coding standards are met across the organization.
Media Contact
Mark Raihlin, Codacy, 1 +14694343051, [email protected], codacy.com
SOURCE Codacy
Share this article