Secure Code Warrior has launched an Adaptive Learning feature for software developers, linking training to AI use and code risk.
The feature delivers personalised learning prompts when the system detects risky code activity, including code produced by AI tools. Training is tied to developer actions at the commit level and is intended to move risk reduction earlier in the software development process.
The launch comes as companies face growing scrutiny over how employees use AI in software development and where source code is shared. Secure Code Warrior cited the Verizon 2026 Data Breach Investigations Report, which found that source code was the most common type of data submitted to unauthorised external AI models.
The same report found that 45% of employees are regular AI users on corporate devices, up from 15% a year earlier, while 67% access AI services through non-corporate accounts. Secure Code Warrior said these patterns raise concerns about intellectual property exposure and weak oversight of AI-assisted coding.
It also cited Faros' 2026 AI Engineering Report, which found that the ratio of lines deleted to lines added for merged code has increased 861% each quarter amid high AI adoption. According to Secure Code Warrior, that level of code churn reflects a sharp shift in software development workflows as teams move from human-written code to AI-assisted and more autonomous systems.
How it works
Adaptive Learning sits between the company's Trust Agent product and its broader training platform, with the aim of keeping training aligned with a developer's real-time activity over time.
The feature is built around two elements: AI Signals and Vulnerability Signals. AI Signals identifies which AI tools a developer is using, links that activity to committed lines of code, and assigns targeted training based on the behaviour detected.
Vulnerability Signals connects data from existing security tools to the training system. It can identify vulnerabilities in the repositories where developers work and assign training relevant to the affected code.
Companies can set rules for when learning is triggered by AI usage or discovered vulnerabilities. They can also target developers based on actual tool use, assign task-based training, and track completion and performance over time.
The feature also supports application programming interface imports from Checkmarx, SonarQube and Parasoft, as well as SARIF uploads. Scheduled synchronisation is planned, according to the company's product details.
Governance push
The launch expands Secure Code Warrior's broader push into AI software governance. The company has positioned Trust Agent as a way for organisations to see where AI has influenced software development, assign accountability and apply internal rules to how AI is used in codebases.
Adaptive Learning adds a training layer by creating auditable records of AI security training for individual developers tied to production code. Secure Code Warrior said those records can support compliance efforts related to the EU AI Act, ISO/IEC 42001 and the NIST AI Risk Management Framework.
Secure Code Warrior argues that many organisations can see how AI is being used but lack a practical way to change developer behaviour at the point where risk appears. By connecting code activity to learning tasks, it aims to show a measurable link between governance controls and developer actions.
The wider backdrop is a difficult period for software security teams. Secure Code Warrior cited Verizon data showing that exploitation of vulnerabilities has overtaken credential abuse as the leading breach method, accounting for 31% of initial access vectors. It also said only 26% of critical vulnerabilities were fully remediated in 2025 and that the median remediation time reached 43 days.
Those figures highlight pressure on organisations to reduce security issues before software reaches production. In that context, a system that ties training directly to coding behaviour could appeal to companies trying to manage the spread of AI-generated code without slowing development teams further.
Pieter Danhieux, Co-Founder and Chief Executive Officer of Secure Code Warrior, outlined the company's view of the problem.
"At every stage, enterprises are trying to achieve three primary objectives: developers and agents must learn to build securely, businesses must govern what AI can and can't touch in the codebase, and security teams must be able to trace which AI did what, where, and for whom," said Danhieux.
"With SCW's Adaptive Learning, organizations and developers can swiftly move from understanding risk, to actively reducing it at scale, and with measurable proof at the commit level. This is imperative as developers move from more traditional workflows, to environments where they are orchestrators of autonomous agents," said Danhieux.