SAN FRANCISCO — Semgrep, operator of an Application Security platform, has landed $100 million in Series D funding led by Menlo Ventures. With added participation from existing investors including Felicis Ventures, Harpoon Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, this round brings the company’s total funding to $204 million to date.
Customers and security leaders tell Semgrep current code scanners are noisy and low efficacy, slow developers down, and are difficult to operationalize. Simultaneously, organizations face mounting pressure to secure increasingly complex codebases while maintaining rapid development cycles. Semgrep’s AppSec Platform enables developers and security engineers to establish Secure Guardrails, transitioning from traditional risk management to proactive security engineering. Semgrep is building the world’s best autonomous code security platform in three key ways:
- Delivering market-leading signal-to-noise ratio and prioritization;
- Product choices that keep developer productivity high and perception of security positive; and
- Enabling an effective AppSec program at an affordable price.
“The era of AI for security is here, and Semgrep is uniquely positioned to help organizations secure their code without sacrificing development velocity,” said Isaac Evans, CEO at Semgrep. “With the Semgrep platform, you can build an Appsec program with cost-effectiveness, security, and development speed.”
“AI is having a profound impact on all areas of technology. Semgrep’s approach to autonomous code security is a perfect example and represents the future of application security,” said Matt Murphy, Partner at Menlo Ventures and new Board Member of Semgrep. “Semgrep’s unique combination of AI capabilities and deep security expertise solidifies them as the leader in this increasingly critical market.”
Security teams are overwhelmed with the volume of code they have to secure. Launched just two weeks ago, Semgrep Assistant learns your organization’s software development life cycle, automatically finds, triages, prioritizes, and fixes the most important security issues as an agentic AppSec engineer. Through its LLM-powered platform, Semgrep automatically converts identified security bugs into secure guardrails, enabling developers to write more secure code without sacrificing speed.
