Sonar Acquires Gitar to Police AI Code in New 'Agentic Era'

📊 Key Data
  • 44% reduction in outages: Teams using Sonar's verification tools are 44% less likely to suffer outages caused by AI-generated code.
  • 7 million developers: SonarQube is already used by over 7 million developers and more than 75% of the Fortune 100.
  • $9 million in funding: Gitar secured $9 million in Series A funding before its acquisition.
🎯 Expert Consensus

Experts agree that robust verification of AI-generated code is critical to ensuring software quality and security in the 'agentic era,' and this acquisition positions Sonar as a leader in providing end-to-end validation solutions.

Sonar Acquires Gitar to Police AI-Generated Code in New 'Agentic Era'

AUSTIN, Texas – May 21, 2026 – Sonar, a prominent player in code quality and security, today announced its acquisition of AI-native code review platform Gitar. The move signals a major consolidation in the developer tool market, aiming to create a comprehensive verification platform designed to manage the opportunities and risks of software development's new "agentic era."

The acquisition unites Sonar's widely adopted SonarQube verification engine with Gitar's specialized AI agents that review and fix code. The goal is to provide an end-to-end solution that ensures the quality, security, and integrity of code from the moment an AI agent writes it until it is deployed, addressing a critical pain point for enterprises rapidly adopting AI to accelerate software delivery.

The Double-Edged Sword of Agentic Development

The software industry is undergoing a seismic shift, moving into what Sonar terms the "Agentic Development Cycle" (AC/DC). In this new paradigm, AI agents—from tools like GitHub Copilot and Devin to Anthropic's Claude Code—are no longer just suggesting snippets but are capable of writing, refactoring, and debugging large blocks of code with increasing autonomy. This promises unprecedented development velocity, but it also introduces a significant challenge: code overload.

As AI generates code at a rate far exceeding human capacity for review, a new bottleneck has emerged. The challenge is no longer writing the code, but validating it. Without robust guardrails, this flood of AI-generated code can introduce subtle bugs, complex security vulnerabilities, and architectural decay, turning a productivity boom into a source of significant operational risk. Industry data already highlights the stakes, with Sonar reporting that teams using its verification tools are 44% less likely to suffer outages caused by AI-generated code.

"Enterprise adoption of AI depends on strong verification of agentic output," said Tariq Shaukat, CEO at Sonar, in a statement. "Right now, every enterprise is asking the same question: 'How do we move fast with AI without breaking things?'"

A Unified Front for Code Verification

Sonar's acquisition of Gitar is its answer to that question. The plan is to seamlessly integrate Gitar's AI-powered review capabilities directly into SonarQube, a platform already used by over 7 million developers and more than 75% of the Fortune 100. The combined offering aims to create a single, unified platform that acts as a "zero-trust" quality gate for both human and AI-generated code.

With the integration, Sonar customers will be able to analyze code at a granular level, inspecting everything from syntax and data flows to complex architectural dependencies. More importantly, the platform will allow organizations to enforce their own unique quality and security standards in a consistent, transparent, and auditable manner. The new capabilities will extend to "agentically" fixing identified issues, creating a closed loop from detection to remediation that operates in real time as AI agents work.

Shaukat added that the unified platform "brings together the best of AI code review and the most comprehensive verification engine in the market, providing the highest level of assurance whether you're using Claude Code, Cursor, Codex, Devin, or GitHub Copilot."

From Generation to Validation: The Gitar Story

While much of the market has focused on the "how-fast-can-we-generate-it" aspect of AI coding, Gitar carved out a niche by tackling what its founders saw as the harder, more critical problem: validation. Founded in 2023 by veterans of Uber, Google, and Meta, Gitar emerged from stealth just last month with $9 million in Series A funding, quickly establishing itself as a key player in the post-generation validation space.

The company's platform was designed to act as an "agentic quality gate," using its own AI agents to automatically find and fix bugs, security flaws, and CI/CD pipeline failures within pull requests. This focus on automated remediation and high-signal feedback resonated with early customers, who praised its ability to catch critical issues that might otherwise be lost in the noise of high-velocity development.

Gitar's co-founders, CEO Ali-Reza Adl-Tabatabai and Gautam Korlam, who previously helped build Uber's centralized developer platform, will join Sonar to lead the continued development of the Gitar platform.

"While the market chased AI code generation, we focused on the harder problem: validating it," said Adl-Tabatabai. "We saw firsthand what happens when development velocity outpaces code quality. AI has made that problem an order of magnitude bigger... Together, we'll deliver the greatest, unbeatable verification platform for the agentic era."

For existing customers, Gitar will continue to be available as a standalone product, with Sonar committing to a no-impact transition. It will also be bundled with SonarQube and its Advanced Security offerings.

Carving a Niche in a Crowded AI Market

The acquisition places Sonar in a strategic position within the competitive landscape of developer tools. While companies like Microsoft (with GitHub Copilot), Snyk, and Checkmarx are integrating AI into their security and development platforms, Sonar is positioning itself as the essential, independent verification layer that works across all of them.

This vendor-agnostic approach is a key part of Sonar's strategy. By providing a consistent standard of verification regardless of the code's origin—human or a specific AI agent—Sonar aims to become the foundational layer of trust in the AI-driven software supply chain. This move is the latest in a series of product expansions over the last year designed to bolster its AC/DC methodology, including advanced software composition analysis (SCA), real-time scanning via a new CLI, and direct integrations with tools like Claude Code.

By acquiring a company that specialized in validating AI code from its inception, Sonar is not just adding a feature; it's absorbing deep, focused expertise and technology built for the very problem it aims to solve. The company will be hosting a live demo and Q&A session on June 11, 2026, to showcase the combined capabilities and further detail its vision for a securely automated future of software development.
