Shapefin

Checkmarx One Achieves Record Growth Amid Rising Demand for AI-Driven Application Security


Checkmarx One, an agentic-AI powered application security testing platform, has reported record growth, driven by increasing customer adoption and strategic advancements. This expansion highlights the platform’s role in addressing the critical need for secure software in an AI-driven development environment, particularly as data breaches continue to incur significant costs for businesses.

Checkmarx One has emerged as a platform for securing modern applications, now protecting over 860 of the world’s largest enterprises. The platform has surpassed $150 million in Annual Recurring Revenue (ARR) within three years, establishing it as one of the fastest-growing application security platforms. This momentum accelerated under CEO Sandeep Johri, who assumed leadership in 2023. With average data breach costs reaching $4.4 million, according to an IBM report, Checkmarx One provides comprehensive protection for existing, new, and AI-generated code. Monthly, Checkmarx processes more than 800 billion lines of code, conducts four million scans, secures over three million open-source packages, and inspects nearly one million container images, while identifying approximately half a million malicious packages before they impact organizations. The platform has sustained this growth into 2025, recording over 20% customer growth and more than 30% ARR growth year-to-date as of September 30, 2025.

Checkmarx One demonstrates a measurable business impact, reducing customers’ vulnerabilities per project by over 50% on average within one year of implementation and decreasing the average cost per fix by more than 60%. For instance, construction firm PCL rapidly deployed Checkmarx One, scanning more than four million lines of code weekly to enhance detection, remediation, and supply chain risk reduction. Cebu Pacific, the largest airline in the Philippines, reported a 50% reduction in vulnerability density after adopting the platform.

Checkmarx has received industry recognition, being named a Leader in the 2025 Gartner® Magic Quadrant™ for Application Security Testing (AST), the 2025 Forrester Wave™ for Static Application Security Testing (SAST), and the IDC MarketScape: Worldwide Application Security Posture Management (ASPM) 2025 Vendor Assessment. The company also announced that its Checkmarx One for Government platform achieved FedRAMP Ready status at the High Impact Level, representing the most stringent baseline for FedRAMP cloud systems and making it the first AppSec platform to reach this level with full coverage across the software development lifecycle (SDLC).

The capabilities of Checkmarx One are supported by Checkmarx Zero Research, a specialized group that focuses on breaking and protecting components of modern software development, including traditional AppSec, open-source supply chain threats, and emerging Large Language Model (LLM) security risks. This research directly informs the intelligence layer of Checkmarx One and contributes to the security ecosystem through information sharing and supporting open-source tools such as KICS for infrastructure-as-code (IaC), 2MS for secret protection, and ZAP for application scanning. This continuous cycle of threat discovery and intelligence integration ensures that Checkmarx One customers are equipped against evolving risks.

Reports from Checkmarx, including “Future of Application Security in the Era of AI” and “Keeping Bad Vibes Out: AppSec in the Age of AI-Assisted Coding,” surveyed over 1,500 security leaders and developers, highlighting the risks of AI-driven coding. Findings indicate that 34% of organizations report more than 60% of their code is machine-generated, with nearly one in ten stating 80–100% of their codebase is AI-written. Despite this, only 18% have AI governance policies, and over 80% knowingly ship vulnerable code often or sometimes, an increase from 66% in 2024. Furthermore, 98% experienced a breach stemming from vulnerable code in the past year, and 20% of organizations, despite official bans, report developers using AI tools, indicating a rise in Shadow AI.

Sandeep Johri, CEO of Checkmarx, stated, “The velocity of AI-assisted development makes a holistic security approach that is rooted in prevention, like Checkmarx One, even more critical. Organizations pursuing transformative gains in productivity through AI coding must put equal investment in security or pay the price of dramatically increased risk. Modern enterprises need AI-powered security tools to keep pace with developers and start securing code from the moment of creation, preventing vulnerabilities in real time.”

In response to these challenges, Checkmarx released Developer Assist to general availability in August. As a new category of AI Code Security Assistant, Developer Assist offers developers real-time, context-aware guidance during coding, reducing remediation time from one to two days to 10–15 minutes. It integrates with AI-native development environments such as Windsurf by Cognition, Cursor, and GitHub Copilot, aiming to prevent vulnerabilities before they reach production by combining AI productivity with Checkmarx’s security rigor.
