Checkmarx

Checkmarx

Company type	Private
Industry	Software Security, Application security
Founded	2006
Founder	Maty Siman (CTO), Emmanuel Benzaquen (Former CEO)
Headquarters	Atlanta, Georgia, US
Key people	Sandeep Johri (CEO)
Website	checkmarx.com

Checkmarx is an enterprise application security company specializing in static application security testing (SAST) headquartered in Atlanta, Georgia in the United States. ^[1] It has over 900 employees. ^[1]

Background

Before founding Checkmarx, Maty Siman worked in the Mamram unit of the Israeli Defense Forces (IDF) and later in the Matzov unit. Then he worked a two years term until February 2006 as an advisor at the Israeli Prime Minister's Office. ^[2]

History

Checkmarx was founded in 2006 by Maty Siman and Emmanuel Benzaquen. ^{[3] [1]}

In 2017, Checkmarx acquired Codebashing to add AppSec training. ^[4] The following year, it acquired Custodela, DevSecOps consulting firm. ^{[5] [6]}

Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco.

In August 2021, Checkmarx acquired Dustico, a software that detects backdoors and malicious attacks in the software supply chain. ^{[7] [8]}

In 2023, founder Emmanuel Benzaquen stepped down as CEO and was succeeded by Sandeep Johri.' ^[9]

Checkmarx announced in December 2025 that it had acquired Tromzo, a California-based company known for its AI-native autonomous security agents. ^[10] No financial details were made public. Checkmarx stated that Tromzo’s founders, Harshil Parikh and Harshit Chitalia, together with their full AI engineering team, will transition to Checkmarx’s product and engineering division. ^[11] Tromzo’s cognitive architecture and reasoning engine will serve as an intelligence layer throughout the Checkmarx One platform and will drive new Assist agents beginning in early 2026. ^[12]

Research

Checkmarx maintains a research division, Checkmarx Zero, that has published findings on vulnerabilities and software supply chain risks:

• In 2019, researchers disclosed flaws in Google and Samsung Android camera apps that could enable remote surveillance. ^[13]
• In 2022, Ars Technica reported a flaw in the Ring Android app that exposed sensitive user data. ^[14]
• In 2025, Checkmarx reported malicious Python packages on PyPI designed to exfiltrate data. ^[15]
• In 2025, Cybersecurity Dive reported survey data from Checkmarx indicating that 98% of organizations experienced breaches linked to software flaws. ^[16]
• In 2025, ITProToday covered research warning that AI-generated code creates "blind spots" in DevSecOps. ^[17]

Independent reporting on Checkmarx research also examined manipulation risks in AI coding agents via a "lies-in-the-loop" technique, ^[18] alongside broader supply-chain findings in public repositories. ^[19] Survey reporting highlighted that most organizations experienced breaches tied to vulnerable code amid growing adoption of AI development tools. ^[20]

Funding

Checkmarx's early investors include Salesforce, which remains a partner as Checkmarx provides security reviews for the Salesforce AppExchange. ^{[21] [22] [23]} In 2015, U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million. ^{[23] [1] [3]}

In April 2020, private equity firm Hellman & Friedman, alongside private investment firm TPG, ^[24] acquired Checkmarx for $1.15 billion. ^{[1] [3] [25]} After the acquisition, Insight Partners retained a minority interest in the company. ^{[1] [26]}

See also

• Security testing

References

1. "Hellman & Friedman Acquires Checkmarx for $1.15B". Dark Reading. 16 March 2020. Retrieved 2024-05-06.
2. Bar-Yosef, Noa (November 20, 2012). "Security Startups: In Focus With CheckMarx Founder Maty Siman". SecurityWeek.
3. "Insight Partners sells security firm Checkmarx to Hellman & Friedman for $1.15B". TechCrunch. 16 March 2020. Retrieved 2020-09-01.
4. "App security co Checkmarx buys UK co Codebashing". Globes. 2017-07-24. Retrieved 2025-11-21.
5. Wenkert, Amarelle (2018-11-08). "Cybersecurity Company Checkmarx Buys Ontario-based Custodela". CTECH - www.calcalistech.com. Retrieved 2020-09-09.
6. "Checkmarx Acquires Custodela". Dark Reading. 8 November 2018. Retrieved 2020-09-09.
7. "Checkmarx acquires open-source supply chain security startup Dustico". TechCrunch. 5 August 2021. "Checkmarx's Dustico acquisition bolsters the open source software supply chain". VentureBeat. 2021-08-09. Archived from the original on 2023-10-03. Retrieved 2025-11-21.
8. Page, Carly (2021-08-05). "Checkmarx acquires open-source supply chain security startup Dustico". TechCrunch. Retrieved 2025-11-21.
9. "Checkmarx CEO Benzaquen stepping down after 17 years in latest shakeup at cyber unicorn". ctech. 2023-02-28. Retrieved 2025-11-21.
10. "Checkmarx acquires Tromzo: Leap in autonomous AppSec". SourceSecurity.com. 10 December 2025. Retrieved 10 December 2025.
11. Dorbian, Iris (10 December 2025). "PE-backed Checkmarx acquires tech company Tromzo". PE Hub. Retrieved 10 December 2025.
12. Chowdhry, Amit (9 December 2025). "Checkmarx Buys Tromzo To Advance Agentic Application Security". Pulse 2.0. Retrieved 10 December 2025.
13. "Camera app vulnerability could allow surveillance of Android users". SecurityWeek. 19 November 2019. Retrieved 5 October 2025.
14. "Ring Android bug could let rogue apps spy on camera feeds". Ars Technica. 29 August 2022. Retrieved 5 October 2025.
15. "Checkmarx surfaces malicious effort to compromise software supply chains". DevOps.com. 15 January 2025. Retrieved 6 October 2025.
16. "Developers knowingly push vulnerable code, despite growing breach risk". Cybersecurity Dive. 3 September 2025. Retrieved 5 October 2025.
17. "AI code generation creates blind spots in DevSecOps security". ITProToday. 20 July 2025. Retrieved 5 October 2025.
18. "Lies-in-the-loop attack shows risks in AI coding agents". Dark Reading. 12 September 2025. Retrieved 6 October 2025.
19. "Checkmarx surfaces malicious effort to compromise software supply chains". DevOps.com. 3 September 2025. Retrieved 6 October 2025.
20. "Developers knowingly push vulnerable code, despite growing breach risk". Cybersecurity Dive. 3 September 2025. Retrieved 6 October 2025.
21. Scheer, Matt (2020-07-27). "Security Checks When Submitting Apps to the Salesforce ISV Team". crmscience. Retrieved 2020-11-13.
22. "Checkmarx Raises Funding From Salesforce.com, Ofer Hi-Tech". TechCrunch. Retrieved 2020-09-04.
23. "Insight Venture Partners to buy Israeli co Checkmarx - Globes". en.globes.co.il (in Hebrew). 2015-06-17. Retrieved 2020-09-09.
24. "In $1.15 Billion Deal, Hellman & Friedman Acquires DevOps Firm Checkmarx | Israel Defense". www.israeldefense.co.il. 17 April 2020. Retrieved 2020-10-21.
25. "3 Israeli cybersecurity firms win Black Unicorn Awards". ISRAEL21c. 2019-08-22. Retrieved 2020-10-21.
26. Novinson, Michael (2020-06-24). "The Biggest 10 Cybersecurity Acquisitions Of 2020 (So Far)". CRN. Retrieved 2020-09-04.