Semgrep Raises US$100m for AI Security Scanning Platform
Semgrep, a provider of application security scanning tools that detect vulnerabilities in software code, has secured US$100m in Series D funding led by Menlo Ventures, bringing its total funding to US$204m.
The San Francisco-based company, which offers an open-source platform that analyses code for security and reliability issues, will use the capital to expand its artificial intelligence capabilities and grow its enterprise sales team.
AI-powered code analysis
The investment comes as organisations face increasing pressure to secure complex codebases while maintaining rapid development cycles.
Semgrep's platform enables automated scanning of application code through static application security testing (SAST) – a process that examines source code for security vulnerabilities before deployment – and software composition analysis (SCA), which identifies security risks in third-party components.
According to customer feedback cited by Semgrep, current code scanners are noisy, have low efficacy, slow developers down and present operational challenges.
The platform aims to establish what it terms “Secure Guardrails”, moving from traditional risk management to proactive security engineering.
The company recently launched Semgrep Assistant, an AI-powered tool that uses large language models to automatically identify and remediate security issues within an organisation's software development lifecycle.
The system converts detected vulnerabilities into security protocols that help developers write more secure code.
“The era of AI for security is here, and Semgrep is uniquely positioned to help organisations secure their code without sacrificing development velocity,” says Isaac Evans, CEO at Semgrep.
Strategic expansion
The funding round included participation from existing investors Felicis Ventures, Harpoon Ventures, Lightspeed Venture Partners, Redpoint Ventures and Sequoia Capital.
Since its Series C announcement in April 2023, Semgrep has developed its Application Security Platform to include SAST, SCA, and Secrets product capabilities.
The platform is now used by hundreds of customers, including Snowflake and Dropbox.
As part of its growth strategy, Semgrep has appointed Garrett Souza, former SVP Americas at data integration company Matillion and enterprise sales leader at security firm Snyk, as Vice President of Sales.
Mark McLaughlin, former CEO of cybersecurity company Palo Alto Networks, has joined as an angel investor and advisor.
The company plans to use the new funding to hire artificial intelligence and program analysis specialists.
It will also expand its go-to-market team with veterans from technology firms including HashiCorp, Elasticsearch and Snyk, leveraging its position at the intersection of open-source software and security.
Matt Murphy, Partner at Menlo Ventures and new board member of Semgrep, says: “AI is having a profound impact on all areas of technology. Semgrep's approach to autonomous code security is a perfect example and represents the future of application security.”
Exploring Semgrep
The platform's central aim is to transition organisations from reactive security measures to proactive engineering practices.
Through its automated scanning capabilities, the system enables development teams to establish security protocols earlier in the code development process.
The company's focus on signal-to-noise ratio in vulnerability detection addresses a core challenge in the application security market.
By integrating security measures directly into development workflows, the platform aims to maintain development speed while enhancing code security.
Semgrep's approach combines automated scanning with cost management considerations, offering what it terms an ‘affordable’ enterprise security solution.
FinTech Magazine is a BizClik brand