Checkmarx, a leading innovator in the field of AI-driven application security testing, has reported remarkable growth for its flagship platform, Checkmarx One. The platform has experienced significant customer adoption, driven by strategic advancements and groundbreaking innovation, highlighting the urgent need for secure software amidst the rapid expansion of AI-driven development.
Record-breaking Growth and Adoption
Checkmarx One has quickly become essential for modern application security, now protecting over 860 of the world's largest enterprises. The platform's adoption has skyrocketed, surpassing $150 million in annual recurring revenue (ARR) within just three years. This places Checkmarx One among the fastest-growing platforms in the application security sector. The company gained further momentum in 2023 when CEO Sandeep Johri took charge, steering it through extraordinary growth and preparing for continued expansion.
With data breaches costing an average of $4.4 million as reported by IBM, Checkmarx One offers a robust enterprise business protection solution for both existing and AI-generated code. Monthly, Checkmarx inspects over 800 billion lines of code, conducts four million scans, and safeguards more than three million open-source packages.
Measurable Business Impact
Checkmarx One's performance in 2025 showcases over 20% customer growth and more than 30% ARR growth year-to-date as of September 30, 2025. It significantly reduces vulnerabilities by over 50% within a year and decreases the cost per fix by more than 60%. Notable success stories include construction giant PCL, which swiftly implemented Checkmarx One to scan millions of lines of code weekly, and Cebu Pacific, which cut vulnerability density by 50%.
Recognition and Regulatory Milestones
Checkmarx was named a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing. It also achieved leadership in the 2025 Forrester Wave for Static Application Security Testing and the IDC MarketScape: Worldwide ASPM Vendor Assessment. Furthermore, Checkmarx One for Government reached FedRAMP Ready status at the High Impact Level, indicating comprehensive coverage across the software development lifecycle.
Checkmarx Zero Research: Enhancing AppSec
Central to Checkmarx One's strength is Checkmarx Zero Research, a team dedicated to advancing modern software development security. This group continuously identifies and addresses supply chain threats and emerging security risks, contributing significantly to the intelligence layer of Checkmarx One.
As AI-assisted coding becomes prevalent, Checkmarx Zero's insights are crucial in sharing information, supporting community events, and maintaining open-source tools for infrastructure and application scanning. This ensures customers stay equipped against evolving security risks.
AI and the Future of Secure Development
The rapid evolution of AI-driven coding presents both opportunities and risks. Checkmarx’s reports reveal that 34% of organizations rely on AI for over 60% of their code, with inadequate governance policies resulting in increased security vulnerabilities. CEO Sandeep Johri emphasizes the need for proactive security measures, stating, "Modern enterprises need AI-powered security tools to keep pace with developers and start securing code from the moment of creation, preventing vulnerabilities in real time."
Pioneering AI Code Security Assistants
In response to these challenges, the company launched Developer Assist, a groundbreaking AI Code Security Assistant, available as of August. This tool provides developers with real-time, context-aware guidance during coding, dramatically reducing remediation time and enhancing security by integrating with AI-native development environments like GitHub Copilot. Developer Assist exemplifies the fusion of AI productivity with rigorous security practices, empowering teams to prevent vulnerabilities before they reach production.
Checkmarx, the global pioneer in agentic-AI powered application security testing, announced record-breaking growth for its flagship platform, Checkmarx One, underscoring a wave of customer adoption fueled by innovation and strategic pioneering.
The news comes alongside groundbreaking research from Checkmarx Zero that highlights the urgent need for secure software in an AI-driven development landscape.
Record-breaking growth & adoption
Checkmarx One has rapidly become the platform of choice for securing modern applications
Checkmarx One has rapidly become the platform of choice for securing modern applications, now protecting more than 860 of the world’s largest enterprises.
This wave of customer adoption has propelled the platform beyond $150 million in ARR in three years, cementing Checkmarx One as one of the fastest-growing platforms in application security. Momentum accelerated for Checkmarx in 2023 when Sandeep Johri took the helm as CEO, guiding the company through a period of unprecedented growth and positioning it for sustained expansion.
Today, as companies face data breaches that, according to an IBM report this year, cost an average of $4.4 million dollars each, Checkmarx One offers the most comprehensive enterprise business protection for existing, new, and AI-generated code.
Checkmarx One
Each month, Checkmarx analyzes over 800 billion lines of code, performs four million scans, secures more than three million open-source packages, and inspects nearly a million container images, all while identifying approximately half a million malicious packages before they can impact organizations.
Checkmarx One has continued this growth trajectory in 2025, with more than 20% customer growth and more than 30% ARR growth year-to-date (as of Sept. 30, 2025), as organizations increasingly turn to Checkmarx One to secure the code driving their businesses.
Measurable business impact
With a proven track record of innovation and measurable business impact, Checkmarx One reduces customers’ vulnerabilities per project by more than 50% on average within a year of implementation and cuts the average cost per fix by more than 60%. Customer success stories illustrate its transformative effect:
- Construction giant PCL went from onboarding Checkmarx One in a matter of hours to scanning more than four million lines of code a week for rapid detection, remediation and reduced supply chain risk.
- Cebu Pacific, the largest airline in the Philippines, reduced its vulnerability density by 50% with Checkmarx One.
Recognition & regulatory milestones
Checkmarx was named a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing
Checkmarx was named a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST). In addition, Checkmarx was named a leader in the 2025 Forrester Wave for Static Application Security Testing (SAST), and the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment.
The company also announced that it has achieved FedRAMP Ready at the High Impact Level for its Checkmarx One for Government platform, the most stringent baseline for FedRAMP cloud systems. Checkmarx is the first AppSec platform to reach Ready status at this level with full coverage across the software development lifecycle (SDLC).
Checkmarx Zero Research: Intelligence powering AppSec
At the heart of Checkmarx One’s capabilities lies the ongoing work of Checkmarx Zero Research. This specialized research group continuously breaks and protects the building blocks of modern software development, from traditional AppSec to open-source supply chain threats and emerging LLM security risks.
In addition to publishing groundbreaking threat research, Checkmarx Zero fuels the intelligence layer of Checkmarx One and contributes actively to the security ecosystem through information sharing, community events, and supporting widely adopted open-source tools for infrastructure-as-code (IaC), secret protection, and application scanning, KICS, 2MS and ZAP respectively.
This continuous loop of threat discovery, research, and intelligence infusion ensures that Checkmarx One customers are always equipped against the most advanced and fast-evolving risks.
AI & The Future of Secure Development
Checkmarx’s Future of Application Security in the Era of AI and Keeping Bad Vibes Out: AppSec in the Age of AI-Assisted Coding reports, based on a survey of 1,500+ security pioneers and developers, reveal the stark risks of AI-driven coding:
- 34% of organizations report that over 60% of their code is machine generated.
- Nearly one in 10 organizations say 80–100% of their codebase is AI-written.
- Despite this surge, only 18% have AI governance policies, and more than 80% knowingly ship vulnerable code often or sometimes, up from 66% in 2024.
- 98% experienced a breach stemming from vulnerable code in the past year.
- Shadow AI is on the rise: 20% officially ban AI tools, yet developers use them anyway.
AI-assisted development
“The velocity of AI-assisted development makes a holistic security approach that is rooted in prevention, like Checkmarx One, even more critical,” said Sandeep Johri, CEO of Checkmarx.
“Application security cannot be an afterthought. Organizations pursuing transformative gains in productivity through AI coding must put equal investment in security or pay the price of dramatically increased risk. Modern enterprises need AI-powered security tools to keep pace with developers and start securing code from the moment of creation preventing vulnerabilities in real time.”
Pioneering AI Code Security Assistants
In response, Checkmarx introduced Developer Assist to general availability in August. The first in a new category of AI Code Security Assistants, Developer Assist provides developers with real-time, context-aware guidance as they code—reducing remediation time from one to two days to just 10–15 minutes.
Integrated with major AI-native development environments such as Windsurf by Cognition, Cursor, and GitHub Copilot, Developer Assist empowers teams to prevent vulnerabilities before they reach production, combining the productivity of AI with the security rigor of Checkmarx.
