Checkmarx, a global forerunner in AI-enhanced application security testing, has reported unprecedented growth for its primary platform, Checkmarx One. This announcement reflects a substantial increase in customer adoption spurred by technological innovation and strategic advancements.
Record-breaking Growth and Adoption
Checkmarx One is emerging as the go-to solution for modern application security, safeguarding over 860 of the world's leading enterprises. This surge in customers has propelled the platform's annual recurring revenue (ARR) to over $150 million in just three years, establishing it as one of the quickest expanding platforms in the application security domain. The company’s acceleration in 2023 is attributable to CEO Sandeep Johri, who steered Checkmarx through this robust growth phase, paving the way for further advancement.
In a landscape where data breaches cost companies approximately $4.4 million on average, as highlighted by a recent IBM report, Checkmarx One offers comprehensive protection for enterprise business concerning existing, new, and AI-generated code.
Checkmarx One: A Comprehensive Security Solution
Every month, Checkmarx analyses in excess of 800 billion lines of code, conducts four million scans, secures over three million open-source packages, and inspects nearly one million container images. Its vigilant efforts prevent approximately half a million malicious packages from affecting organisations.
In 2025, Checkmarx One maintained its growth trajectory with a more than 20% increase in customer base and a 30% rise in ARR year-to-date, as more organisations turn to Checkmarx One for securing their code.
Measurable Business Impact
Checkmarx One has shown tangible business benefits by reducing vulnerabilities per project by over 50% within a year and cutting remediation costs by more than 60%. Significant evidence of its impact can be seen in cases such as construction giant PCL, which swiftly onboarded Checkmarx One and began scanning over four million lines of code weekly, and Cebu Pacific, which saw a 50% reduction in vulnerability density.
Recognition and Regulatory Milestones
Checkmarx's leadership in the field has earned it recognition as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST), the 2025 Forrester Wave for Static Application Security Testing (SAST), and the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment. Additionally, Checkmarx has achieved the FedRAMP Ready status at the High Impact Level for its Checkmarx One for Government platform, setting a new standard in cloud system security.
Checkmarx Zero Research: Driving AppSec Intelligence
The Checkmarx Zero Research team plays a vital role in enhancing Checkmarx One’s capabilities. This dedicated group continuously explores vulnerabilities in the software development landscape, addressing both traditional application security and rising threats from open-source supply chain and emerging LLM security risks.
Beyond publishing innovative threat research, Checkmarx Zero contributes to the broader security community, sharing intelligence and supporting popular open-source tools like KICS, 2MS, and ZAP. This proactive research cycle ensures Checkmarx One stays ahead of the latest threats.
AI and the Future of Secure Development
Checkmarx's research, reflected in studies on AI-driven coding risks, underscores the urgency for security in AI-assisted development. Findings reveal a significant portion of organisational code is machine-generated, yet few have governance measures to manage this trend, leading to higher vulnerability rates.
"The velocity of AI-assisted development makes a holistic security approach that is rooted in prevention, like Checkmarx One, even more critical," stated Sandeep Johri, CEO of Checkmarx.
Companies striving for AI-driven productivity must equally invest in security to mitigate risks. AI-powered security tools such as Checkmarx One are crucial to matching developers’ pace and securing code from inception.
Pioneering AI Code Security Assistants
In response to these challenges, Checkmarx introduced Developer Assist in August. This innovative tool provides developers with real-time guidance, significantly reducing remediation time from days to minutes. Integrated with major AI-native development environments like Windsurf by Cognition, Cursor, and GitHub Copilot, Developer Assist leverages the synergy between AI productivity and robust security standards of Checkmarx.
Checkmarx, the global pioneer in agentic-AI powered application security testing, announced record-breaking growth for its flagship platform, Checkmarx One, underscoring a wave of customer adoption fuelled by innovation and strategic pioneering.
The news comes alongside groundbreaking research from Checkmarx Zero that highlights the urgent need for secure software in an AI-driven development landscape.
Record-breaking growth & adoption
Checkmarx One has rapidly become the platform of choice for securing modern applications
Checkmarx One has rapidly become the platform of choice for securing modern applications, now protecting more than 860 of the world’s largest enterprises.
This wave of customer adoption has propelled the platform beyond $150 million in ARR in three years, cementing Checkmarx One as one of the fastest-growing platforms in application security. Momentum accelerated for Checkmarx in 2023 when Sandeep Johri took the helm as CEO, guiding the company through a period of unprecedented growth and positioning it for sustained expansion.
Today, as companies face data breaches that, according to an IBM report this year, cost an average of $4.4 million dollars each, Checkmarx One offers the most comprehensive enterprise business protection for existing, new, and AI-generated code.
Checkmarx One
Each month, Checkmarx analyzes over 800 billion lines of code, performs four million scans, secures more than three million open-source packages, and inspects nearly a million container images, all while identifying approximately half a million malicious packages before they can impact organisations.
Checkmarx One has continued this growth trajectory in 2025, with more than 20% customer growth and more than 30% ARR growth year-to-date (as of Sept. 30, 2025), as organisations increasingly turn to Checkmarx One to secure the code driving their businesses.
Measurable business impact
With a proven track record of innovation and measurable business impact, Checkmarx One reduces customers’ vulnerabilities per project by more than 50% on average within a year of implementation and cuts the average cost per fix by more than 60%. Customer success stories illustrate its transformative effect:
- Construction giant PCL went from onboarding Checkmarx One in a matter of hours to scanning more than four million lines of code a week for rapid detection, remediation and reduced supply chain risk.
- Cebu Pacific, the largest airline in the Philippines, reduced its vulnerability density by 50% with Checkmarx One.
Recognition & regulatory milestones
Checkmarx was named a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing
Checkmarx was named a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST). In addition, Checkmarx was named a leader in the 2025 Forrester Wave for Static Application Security Testing (SAST), and the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment.
The company also announced that it has achieved FedRAMP Ready at the High Impact Level for its Checkmarx One for Government platform, the most stringent baseline for FedRAMP cloud systems. Checkmarx is the first AppSec platform to reach Ready status at this level with full coverage across the software development lifecycle (SDLC).
Checkmarx Zero Research: Intelligence powering AppSec
At the heart of Checkmarx One’s capabilities lies the ongoing work of Checkmarx Zero Research. This specialised research group continuously breaks and protects the building blocks of modern software development, from traditional AppSec to open-source supply chain threats and emerging LLM security risks.
In addition to publishing groundbreaking threat research, Checkmarx Zero fuels the intelligence layer of Checkmarx One and contributes actively to the security ecosystem through information sharing, community events, and supporting widely adopted open-source tools for infrastructure-as-code (IaC), secret protection, and application scanning, KICS, 2MS and ZAP respectively.
This continuous loop of threat discovery, research, and intelligence infusion ensures that Checkmarx One customers are always equipped against the most advanced and fast-evolving risks.
AI & the future of secure development
Checkmarx’s Future of Application Security in the Era of AI and Keeping Bad Vibes Out: AppSec in the Age of AI-Assisted Coding reports, based on a survey of 1,500+ security pioneers and developers, reveal the stark risks of AI-driven coding:
- 34% of organisations report that over 60% of their code is machine generated.
- Nearly one in 10 organisations say 80–100% of their codebase is AI-written.
- Despite this surge, only 18% have AI governance policies, and more than 80% knowingly ship vulnerable code often or sometimes, up from 66% in 2024.
- 98% experienced a breach stemming from vulnerable code in the past year.
- Shadow AI is on the rise: 20% officially ban AI tools, yet developers use them anyway.
AI-assisted development
“The velocity of AI-assisted development makes a holistic security approach that is rooted in prevention, like Checkmarx One, even more critical,” said Sandeep Johri, CEO of Checkmarx.
“Application security cannot be an afterthought. Organisations pursuing transformative gains in productivity through AI coding must put equal investment in security or pay the price of dramatically increased risk. Modern enterprises need AI-powered security tools to keep pace with developers and start securing code from the moment of creation preventing vulnerabilities in real time.”
Pioneering AI Code Security Assistants
In response, Checkmarx introduced Developer Assist to general availability in August. The first in a new category of AI Code Security Assistants, Developer Assist provides developers with real-time, context-aware guidance as they code—reducing remediation time from one to two days to just 10–15 minutes.
Integrated with major AI-native development environments such as Windsurf by Cognition, Cursor, and GitHub Copilot, Developer Assist empowers teams to prevent vulnerabilities before they reach production, combining the productivity of AI with the security rigour of Checkmarx.
