Company pioneers new AI Code Security Assistant category with Developer Assist and delivers groundbreaking research as platform grows

Checkmarx, the global leader in agentic-AI powered application security testing, today announced record-breaking growth for its flagship platform, Checkmarx One, underscoring a wave of customer adoption fueled by innovation and strategic leadership. The news comes alongside groundbreaking research from Checkmarx Zero that highlights the urgent need for secure software in an AI-driven development landscape.

Record-Breaking Growth & Adoption

Checkmarx One has rapidly become the platform of choice for securing modern applications, now protecting more than 860 of the world’s largest enterprises. This wave of customer adoption has propelled the platform beyond $150 million in ARR in three years, cementing Checkmarx One as one of the fastest-growing platforms in application security.

Momentum accelerated for Checkmarx in 2023 when Sandeep Johri took the helm as CEO, guiding the company through a period of unprecedented growth and positioning it for sustained expansion. Today, as companies face data breaches that, according to an IBM report this year, cost an average of $4.4 million each, Checkmarx One offers the most comprehensive enterprise business protection for existing, new, and AI-generated code. Each month, Checkmarx analyzes over 800 billion lines of code, performs four million scans, secures more than three million open-source packages, and inspects nearly a million container images, all while identifying approximately half a million malicious packages before they can impact organizations.

Checkmarx One has continued this growth trajectory in 2025, with more than 20% customer growth and more than 30% ARR growth year-to-date (as of Sept. 30, 2025), as organizations increasingly turn to Checkmarx One to secure the code driving their businesses.

Measurable Business Impact

With a proven track record of innovation and measurable business impact, Checkmarx One reduces customers’ vulnerabilities per project by more than 50% on average within a year of implementation and cuts the average cost per fix by more than 60%. Customer success stories illustrate its transformative effect:

• Construction giant PCL went from onboarding Checkmarx One in a matter of hours to scanning more than four million lines of code a week for rapid detection, remediation and reduced supply chain risk.
• Cebu Pacific, the largest airline in the Philippines, reduced its vulnerability density by 50% with Checkmarx One.

Recognition & Regulatory Milestones

Checkmarx was named a Leader in the 2025 Gartner® Magic Quadrant™ for Application Security Testing (AST⁾¹. In addition, Checkmarx was named a leader in the 2025 Forrester Wave™ for Static Application Security Testing (SAST⁾², and the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment³.

The company also announced that it has achieved FedRAMP Ready at the High Impact Level for its Checkmarx One for Government platform, the most stringent baseline for FedRAMP cloud systems. Checkmarx is the first AppSec platform to reach Ready status at this level with full coverage across the software development lifecycle (SDLC).

Checkmarx Zero Research: Intelligence Powering AppSec

At the heart of Checkmarx One’s capabilities lies the ongoing work of Checkmarx Zero Research. This specialized research group continuously breaks and protects the building blocks of modern software development, from traditional AppSec to open-source supply chain threats and emerging LLM security risks. In addition to publishing groundbreaking threat research, Checkmarx Zero fuels the intelligence layer of Checkmarx One and contributes actively to the security ecosystem through information sharing, community events, and supporting widely-adopted open-source tools for infrastructure-as-code (IaC), secret protection, and application scanning, KICS, 2MS and ZAP respectively.

This continuous loop of threat discovery, research, and intelligence infusion ensures that Checkmarx One customers are always equipped against the most advanced and fast-evolving risks.

AI & The Future of Secure Development

Checkmarx’s Future of Application Security in the Era of AI and Keeping Bad Vibes Out: AppSec in the Age of AI-Assisted Coding reports, based on a survey of 1,500+ security leaders and developers, reveal the stark risks of AI-driven coding:

• 34% of organizations report that over 60% of their code is machine generated.
• Nearly one in 10 organizations say 80–100% of their codebase is AI-written.
• Despite this surge, only 18% have AI governance policies, and more than 80% knowingly ship vulnerable code often or sometimes, up from 66% in 2024.
• 98% experienced a breach stemming from vulnerable code in the past year.
• Shadow AI is on the rise: 20% officially ban AI tools, yet developers use them anyway.

“The velocity of AI-assisted development makes a holistic security approach that is rooted in prevention, like Checkmarx One, even more critical,” said Sandeep Johri, CEO of Checkmarx. “Application security cannot be an afterthought. Organizations pursuing transformative gains in productivity through AI coding must put equal investment in security or pay the price of dramatically increased risk. Modern enterprises need AI-powered security tools to keep pace with developers and start securing code from the moment of creation preventing vulnerabilities in real time.”

Pioneering AI Code Security Assistants

In response, Checkmarx introduced Developer Assist to general availability in August. The first in a new category of AI Code Security Assistants, Developer Assist provides developers with real-time, context-aware guidance as they code—reducing remediation time from one to two days to just 10–15 minutes.

Integrated with leading AI-native development environments such as Windsurf by Cognition, Cursor, and GitHub Copilot, Developer Assist empowers teams to prevent vulnerabilities before they reach production, combining the productivity of AI with the security rigor of Checkmarx.

For more information about how to secure code at the speed of AI and learn about Checkmarx One Developer Assist and the Assist family of agents, visit the website.

¹ Gartner®, Magic Quadrant™ for Application Security Testing, By Jason Gross, Mark Horvath, Giles Williams, Shailendra Upadhyay, Dionisio Zumerle, Aaron Lord, October 6, 2025

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

² The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025, Forrester Research, Inc., September 9, 2025

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.

³ IDC MarketScape: Worldwide Application Security Posture Management Platforms 2025 Vendor Assessment, Doc # US53001925, September 2025

IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of technology suppliers can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective suppliers.

About Checkmarx

Checkmarx is the leader in cloud-native, agentic application security, delivering enterprise-grade protection while lowering engineering costs and accelerating development velocity. The Checkmarx One platform scans trillions of lines of code each year for companies, cutting vulnerability density by more than half. Its autonomous security agents detect and counter AI-driven threats across the SDLC, providing prevention-first protection for legacy, modern, and AI-generated code at enterprise scale. Follow Checkmarx on LinkedIn, YouTube, and X.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251009374071/en/

As threats accelerate and companies face data breaches costing millions of dollars each, Checkmarx One experiences record growth empowering enterprise developers to protect existing, new, and AI-generated code.