Checkmarx, the global pioneer in agentic-AI powered application security testing, announced record-breaking growth for its flagship platform, Checkmarx One, underscoring a wave of customer adoption fuelled by innovation and strategic pioneering.
The news comes alongside groundbreaking research from Checkmarx Zero that highlights the urgent need for secure software in an AI-driven development landscape.
Record-breaking growth & adoption
Checkmarx One has rapidly become the platform of choice for securing modern applications
Checkmarx One has rapidly become the platform of choice for securing modern applications, now protecting more than 860 of the world’s largest enterprises.
This wave of customer adoption has propelled the platform beyond $150 million in ARR in three years, cementing Checkmarx One as one of the fastest-growing platforms in application security. Momentum accelerated for Checkmarx in 2023 when Sandeep Johri took the helm as CEO, guiding the company through a period of unprecedented growth and positioning it for sustained expansion.
Today, as companies face data breaches that, according to an IBM report this year, cost an average of $4.4 million dollars each, Checkmarx One offers the most comprehensive enterprise business protection for existing, new, and AI-generated code.
Checkmarx One
Each month, Checkmarx analyzes over 800 billion lines of code, performs four million scans, secures more than three million open-source packages, and inspects nearly a million container images, all while identifying approximately half a million malicious packages before they can impact organisations.
Checkmarx One has continued this growth trajectory in 2025, with more than 20% customer growth and more than 30% ARR growth year-to-date (as of Sept. 30, 2025), as organisations increasingly turn to Checkmarx One to secure the code driving their businesses.
Measurable business impact
With a proven track record of innovation and measurable business impact, Checkmarx One reduces customers’ vulnerabilities per project by more than 50% on average within a year of implementation and cuts the average cost per fix by more than 60%. Customer success stories illustrate its transformative effect:
- Construction giant PCL went from onboarding Checkmarx One in a matter of hours to scanning more than four million lines of code a week for rapid detection, remediation and reduced supply chain risk.
- Cebu Pacific, the largest airline in the Philippines, reduced its vulnerability density by 50% with Checkmarx One.
Recognition & regulatory milestones
Checkmarx was named a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing
Checkmarx was named a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST). In addition, Checkmarx was named a leader in the 2025 Forrester Wave for Static Application Security Testing (SAST), and the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment.
The company also announced that it has achieved FedRAMP Ready at the High Impact Level for its Checkmarx One for Government platform, the most stringent baseline for FedRAMP cloud systems. Checkmarx is the first AppSec platform to reach Ready status at this level with full coverage across the software development lifecycle (SDLC).
Checkmarx Zero Research: Intelligence powering AppSec
At the heart of Checkmarx One’s capabilities lies the ongoing work of Checkmarx Zero Research. This specialised research group continuously breaks and protects the building blocks of modern software development, from traditional AppSec to open-source supply chain threats and emerging LLM security risks.
In addition to publishing groundbreaking threat research, Checkmarx Zero fuels the intelligence layer of Checkmarx One and contributes actively to the security ecosystem through information sharing, community events, and supporting widely adopted open-source tools for infrastructure-as-code (IaC), secret protection, and application scanning, KICS, 2MS and ZAP respectively.
This continuous loop of threat discovery, research, and intelligence infusion ensures that Checkmarx One customers are always equipped against the most advanced and fast-evolving risks.
AI & the future of secure development
Checkmarx’s Future of Application Security in the Era of AI and Keeping Bad Vibes Out: AppSec in the Age of AI-Assisted Coding reports, based on a survey of 1,500+ security pioneers and developers, reveal the stark risks of AI-driven coding:
- 34% of organisations report that over 60% of their code is machine generated.
- Nearly one in 10 organisations say 80–100% of their codebase is AI-written.
- Despite this surge, only 18% have AI governance policies, and more than 80% knowingly ship vulnerable code often or sometimes, up from 66% in 2024.
- 98% experienced a breach stemming from vulnerable code in the past year.
- Shadow AI is on the rise: 20% officially ban AI tools, yet developers use them anyway.
AI-assisted development
“The velocity of AI-assisted development makes a holistic security approach that is rooted in prevention, like Checkmarx One, even more critical,” said Sandeep Johri, CEO of Checkmarx.
“Application security cannot be an afterthought. Organisations pursuing transformative gains in productivity through AI coding must put equal investment in security or pay the price of dramatically increased risk. Modern enterprises need AI-powered security tools to keep pace with developers and start securing code from the moment of creation preventing vulnerabilities in real time.”
Pioneering AI Code Security Assistants
In response, Checkmarx introduced Developer Assist to general availability in August. The first in a new category of AI Code Security Assistants, Developer Assist provides developers with real-time, context-aware guidance as they code—reducing remediation time from one to two days to just 10–15 minutes.
Integrated with major AI-native development environments such as Windsurf by Cognition, Cursor, and GitHub Copilot, Developer Assist empowers teams to prevent vulnerabilities before they reach production, combining the productivity of AI with the security rigour of Checkmarx.