Codacy Releases AI Risk Reduction Tool
Written by Kay Ewbank   
Thursday, 04 December 2025

Codacy has launched two new products aimed at controlling the use of generative AI in coding. AI Risk Hub and AI Reviewer form a code compliance suite that organizations can use to govern AI-generated code and to run context-aware code reviews.

Codacy is best known for its automated application security and code quality solutions. The Codacy platform provides automated code reviews, static analysis, code quality analysis and security insights.



The Codacy team says that the widespread adoption of generative AI has left engineering teams facing a "Wild West" of coding tools. Although nearly four fifths of developers use coding agents to speed up delivery, those agents were trained on source code that does not conform to modern secure coding standards.

This can mean that while code is produced in less time, the result carries increased exposure to hardcoded secrets, insecure dependencies, and threats such as invisible Unicode injection.

The first product, AI Risk Hub, serves as a centralized governance suite. Organizations can use it to define, enforce, and monitor AI policies across all their development teams and code repositories.

According to Jaime Jorge, CEO at Codacy:

"We are seeing a massive shift where developers are frustrated by 'almost right' AI solutions that require time-consuming debugging. The AI Risk Hub provides the missing layer of traceability and standardization. It ensures that while developers leverage AI for speed, the organization remains protected against the unique vulnerabilities AI introduces."

AI Risk Hub's features start with unified AI policies: a ruleset covering risks such as unapproved model calls and hardcoded secrets, plus "AI Safety" checks for patterns such as invisible Unicode attacks. It also provides an AI Risk Score, an organization-wide metric based on a checklist of seven essential protection layers, including protected pull requests (PRs), enforced gates, and daily software composition analysis (SCA) scans for vulnerable dependencies.
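To make two of those ruleset items concrete, here is an added example of the kind of pre-merge check they describe. This is not Codacy's code and nothing is known about how its rules are implemented; the secret patterns, the "flag every Unicode format-category code point" rule and the sample snippet are all assumptions made for the example. The gate scans a proposed change for invisible or bidirectional Unicode (the class behind "Trojan Source" and look-alike identifier tricks) and for a handful of hardcoded-secret patterns, and refuses the merge if anything is found.

```python
"""Pre-merge gate for two risk classes named in the article: invisible or
bidirectional Unicode in source text, and hardcoded secrets.
Added example, not Codacy's code; patterns and sample are assumptions."""
import re
import unicodedata

# Unicode general category "Cf" (format) covers characters that have no
# visible glyph but change how text is parsed or rendered: zero-width space
# (U+200B), bidi overrides and isolates (U+202A..U+202E, U+2066..U+2069),
# BOM (U+FEFF), soft hyphen (U+00AD) and the tag block (U+E0001..U+E007F).
# Outside a string literal the author deliberately wrote, none belong in code.
def is_invisible(ch: str) -> bool:
    return unicodedata.category(ch) == "Cf"

# Deliberately small pattern set (assumption); real scanners add many vendor
# formats plus entropy checks.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}

def find_invisible(text: str) -> list[tuple[int, int, str, str]]:
    """(line, column, 'U+XXXX', Unicode name) for each invisible code point."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "UNNAMED")))
    return hits

def find_secrets(text: str) -> list[tuple[int, str]]:
    """(line, pattern name) for each line matching a secret pattern."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                hits.append((lineno, name))
    return hits

def gate(text: str) -> tuple[bool, list[str]]:
    """Return (merge_allowed, human-readable findings); any finding blocks."""
    report = [f"line {ln} col {col}: invisible {cp} ({name})"
              for ln, col, cp, name in find_invisible(text)]
    report += [f"line {ln}: possible hardcoded secret ({name})"
               for ln, name in find_secrets(text)]
    return (not report, report)

# Constructed sample of an "almost right" change. Line 2 hides a zero-width
# space inside 'admin', so the comparison never matches a real admin role;
# line 4 puts a right-to-left override and an isolate inside a comment, so
# the line renders differently from how the parser reads it; lines 6-7 carry
# the AWS documentation example key and a plain-text password.
SAMPLE = "\n".join([
    "def is_admin(user):",
    "    if user.role == 'adm\u200bin':",
    "        return True",
    "    return False  # \u202eend of check\u2066",
    "",
    "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'",
    'DB_PASSWORD = "hunter2hunter2"',
])

if __name__ == "__main__":
    ok, findings = gate(SAMPLE)
    print("\n".join(findings) or "clean")
    raise SystemExit(0 if ok else 1)
```

Run against a PR's added lines rather than whole files, so legacy findings do not block unrelated changes, and keep the Unicode rule strict: a legitimate zero-width joiner in a test fixture is far rarer than an AI-generated or copy-pasted one that nobody noticed, and an allowlist comment is cheap.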

Risk Hub also includes an AI Risk Checklist, a downloadable guide based on the OWASP LLM Governance Checklist 2025 and Codacy's AI Risk Report, which can be used to validate AI security across legal, operational, and technical areas.

The second release is the Codacy AI Reviewer. Codacy says that while the Risk Hub secures the perimeter, the AI Reviewer is used by the developer while coding with AI. It is designed to supplement static analysis so that context and logic gaps in AI-generated code are identified and dealt with, combining rule-based, deterministic analysis with the contextual understanding of Large Language Models (LLMs).

The AI Reviewer is designed to understand the business intent behind a change rather than only its technical outcome. It analyzes source code and PR metadata, and provides context-aware feedback intended to catch logic errors that conventional scanners, and often human reviewers, miss. The team says this reduces "alert fatigue" and "slop reviews".

The AI Risk Hub is available immediately to all organizations subscribed to the Codacy Business plan. The AI Reviewer is available to both Team and Business plan customers.

More Information

Codacy AI Risk Hub

Codacy AI Reviewer

Related Articles

Codacy Provides Free AI- Risk Assessment

Codacy Guardrails For Secure AI-Generated Code

Codacy - Automated Code Review

Build Apps with Windsurf's AI Coding Agents - The Course 
