Checkmarx, the global leader in agentic-AI powered application security testing,  announced exceptional growth for its flagship platform, Checkmarx One, achieving over $150 million in annual recurring revenue (ARR) in just three years. This milestone underscores the platform’s rapid adoption by enterprises worldwide, driven by continuous innovation and visionary leadership.

Checkmarx pioneers AI Coding Security Assistants and achieves $150M ARR as enterprises secure AI-generated code worldwide.

The announcement coincides with new research from Checkmarx Zero highlighting the escalating security risks of AI-generated code and the growing global demand for preventive application security.

Exceptional Growth and Global Adoption

Checkmarx One has become the preferred platform for securing modern applications, now protecting more than 860 of the world’s largest enterprises. The company continues to post strong momentum, with over 30% ARR growth and 20% customer growth year-to-date (as of Sept. 30, 2025).

Under the leadership of CEO Sandeep Johri, who joined in 2023, Checkmarx has maintained double-digit global growth while expanding its presence in Asia Pacific and the Middle East, where demand for secure software development is accelerating in sectors such as financial services, government, and telecommunications.

Each month, Checkmarx One analyzes over 800 billion lines of code, performs four million scans, secures more than three million open-source packages, and inspects nearly one million container images—identifying approximately half a million malicious packages before they can impact organizations.

Marketing Technology News: MarTech Interview with Miguel Lopes, CPO @ TrafficGuard

Proven Business Impact

With a prevention-first approach and measurable results, Checkmarx One helps enterprises reduce vulnerabilities per project by more than 50% within the first year and cut the average cost per fix by over 60%.

• Cebu Pacific, the largest airline in the Philippines, reduced vulnerability density by 50% using Checkmarx One.
• Construction leader PCL onboarded Checkmarx One within hours and now scans over four million lines of code weekly, reducing supply chain risk and accelerating remediation.

Recognition and Regulatory Leadership

Checkmarx has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Application Security Testing (AST), a Leader in The Forrester Wave™ for Static Application Security Testing (SAST), and a Leader in the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment.

The company also achieved FedRAMP Ready status at the High Impact Level for its Checkmarx One for Government platform—the first AppSec solution to reach this milestone with full SDLC coverage.

Checkmarx Zero Research: Intelligence Powering Secure Development

At the core of Checkmarx innovation lies Checkmarx Zero Research, a dedicated team that uncovers and mitigates the building blocks of modern software risk—from open-source supply chain threats to emerging LLM security challenges.

The group continuously fuels the intelligence layer of Checkmarx One and supports the global security ecosystem through open-source projects such as KICS, 2MS, and ZAP, advancing infrastructure-as-code, secret protection, and application scanning for organizations everywhere.

Marketing Technology News: BambooHR and Marketing Architects Launch First National TV Campaign to Build Brand Visibility

AI and the Future of Secure Development

The Checkmarx “Future of Application Security in the Era of AI” report—based on a survey of 1,500+ global security and development leaders—reveals a dramatic shift in coding practices:

• 34% of organizations report that over 60% of their code is machine-generated.
• Nearly 1 in 10 say 80–100% of their codebase is AI-written.
• Only 18% have AI governance policies in place, and 98% experienced a breach tied to vulnerable code in the past year.

“The velocity of AI-assisted development makes a holistic, prevention-first security approach more critical than ever,” said Sandeep Johri, CEO of Checkmarx. “Organizations embracing AI for productivity gains must equally invest in securing the code it produces. Checkmarx One delivers the AI-powered security intelligence modern enterprises need to stay protected from the moment code is created.”

Pioneering AI Code Security Assistants

In response to this new era of AI-driven development, Checkmarx introduced Developer Assist, the first in a new category of AI Coding Security Assistants. Now generally available, Developer Assist provides developers with real-time, context-aware guidance as they code—reducing remediation time from days to minutes.

Integrated with leading AI-native environments such as Windsurf by Cognition, Cursor, and GitHub Copilot, Developer Assist empowers teams to prevent vulnerabilities before production, combining the agility of AI with the security rigor of Checkmarx.

“Across Asia Pacific, the Middle East, and Africa, we’re seeing organizations embrace AI-driven innovation to transform how software is developed,” said Nitin Dang, VP for APAC, Middle East, and Africa at Checkmarx. “Checkmarx One empowers developers and security teams to harness AI responsibly – helping governments and enterprises protect their applications while achieving faster time to market.”

¹ Gartner®, Magic Quadrant™ for Application Security Testing, By Jason Gross, Mark Horvath, Giles Williams, Shailendra Upadhyay, Dionisio Zumerle, Aaron Lord, October 6, 2025

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

² The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025, Forrester Research, Inc., September 9, 2025

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.

³ IDC MarketScape: Worldwide Application Security Posture Management Platforms 2025 Vendor Assessment, Doc # US53001925, September 2025

IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of technology suppliers can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective suppliers.