Semgrep's AI Cybersecurity Tools Receive Funding Boost

By Matt High
Semgrep Raises US$100m for AI Security Scanning Platform
US cybersecurity firm Semgrep has secured Series D funding to develop its automated vulnerability and application scanning security tools

Application security scanning firm Semgrep has secured US$100m in Series D funding led by Menlo Ventures. The round brings Semgrep's total funding to US$204m.

Semgrep is based in San Francisco and specialises in open-source security technology for static code analysis that allows developers to find bugs and enforce code standards. This makes security a seamless part of the development process, improves code and developer productivity and reduces risk.

The company will use the capital to bolster its AI development and capabilities and to grow its enterprise sales force.


Code analysis in the AI age

The need for robust security measures is growing as organisations face increasingly complex challenges around securing codebases while maintaining swift development cycles. Semgrep helps organisations mitigate these issues with its Semgrep OSS platform, which facilitates the automated scanning of application code.

This is achieved through Static Application Security Testing (SAST) and Software Composition Analysis (SCA). SAST scrutinises source code for security vulnerabilities before the code is deployed, helping to identify security flaws early in the development process and prevent costly and disruptive incidents later on. SCA looks for security risks in third-party components.

Feedback from customers highlights that existing code scanners often disrupt development processes by being cumbersome and inefficient. In response, Semgrep has developed what it calls ‘Secure Guardrails’, which shift the focus from conventional risk management to proactive security engineering, significantly enhancing the security posture of development projects.

Semgrep has also introduced the Semgrep Assistant, an AI-powered tool that leverages large language models. This automatically pinpoints and resolves security issues throughout the software development lifecycle, transforming detected vulnerabilities into actionable security protocols that aid developers in crafting more secure code.

Semgrep's CEO, Isaac Evans, discussed the ethos driving the company's vision: “The era of AI for security is here, and Semgrep is uniquely positioned to help organisations secure their code without sacrificing development velocity.”


Semgrep focuses on strategic expansion 

The funding round not only saw contributions from new stakeholders but also reinforced support from prior investors such as Felicis Ventures, Harpoon Ventures, Lightspeed Venture Partners, Redpoint Ventures and Sequoia Capital.

Since the announcement of Series C funding in April 2023, Semgrep has expanded its Application Security Platform's capabilities, which now include SAST, SCA and Secrets products. 

The platform is currently in use by leading industry names such as Snowflake and Dropbox.

As part of its growth strategy, Semgrep has welcomed Garrett Souza as Vice President of Sales and also gained strategic insights from Mark McLaughlin, former CEO of cybersecurity leader Palo Alto Networks, who serves as an angel investor and advisor. 

The latest funding will be channelled towards hiring specialists in AI and program analysis, and amplifying Semgrep’s market presence with experienced tech firm personnel from the likes of HashiCorp, Elasticsearch, and Snyk.

Menlo Ventures' partner and Semgrep's new board member, Matt Murphy, highlighted the strategic value of AI in today's technological landscape: “AI is having a profound impact on all areas of technology. Semgrep’s approach to autonomous code security is a perfect example and represents the future of application security.”


Innovation at Semgrep

The core of Semgrep's mission is the transition from reactive to proactive security measures and engineering practices. Its automated scanning capabilities are instrumental in allowing development teams to embed security protocols early in the code development process. This integration not only accelerates the development pace but also ensures that applications are secure from the start.

Semgrep's emphasis on a high signal-to-noise ratio in vulnerability detection addresses a critical challenge in the application security arena, offering a cost-effective enterprise security solution tailored to modern development needs.




Cyber Magazine is a BizClik brand