Semgrep is a San Francisco application-security company that builds a unified AppSec platform (Code/SAST, Supply Chain/SCA, and Secrets) used by engineering teams at Dropbox, Figma, Snowflake and others. Born out of an open-source tool originally written at Facebook, it lets security teams write code-like rules and ship them through CI - cutting false positives and pushing fixes back to developers.
Rick Fitz is the Chief Executive Officer and Chairman of the Board at Contrast Security, the application security company behind the 'Shift Smart' approach to securing software from within. A 25-year enterprise software veteran, Fitz came to the role in April 2023 after six-plus years as SVP and General Manager of Splunk's IT Operations and Application Development Market Group, where he steered the company through landmark acquisitions including SignalFX. At Contrast, he leads a 240-person company with $274M in total funding as it works to redefine how developers and security teams find and fix vulnerabilities at runtime - inside applications as they run, rather than scanning from the outside.
Sandeep Johri is the CEO of Checkmarx, the application security company headquartered in Paramus, New Jersey. A three-decade Silicon Valley operator, he previously built Tricentis from a small European startup into a global continuous-testing leader, ran HP's software acquisitions strategy, and founded identity-management pioneer Oblix, which Oracle bought for $150M.
Isaac Evans is the Founder and CEO of Semgrep, the developer-first application security platform that has redefined how modern engineering teams handle code security. An MIT-trained computer scientist with a background in U.S. Department of Defense security research, Evans co-founded Semgrep in 2017 with college roommates Drew Dennison and Luke O'Malley. Under his leadership, Semgrep grew from a niche static analysis tool into a platform scanning 75+ million code repositories annually, serving customers like Figma, Dropbox, Slack, and Snowflake. In February 2025, the company closed a $100M Series D led by Menlo Ventures, bringing total funding to $193M. Evans's core thesis - that security must serve developers, not obstruct them - has made Semgrep a defining force in the AppSec category.
ZeroPath is an AI-native application security platform that automatically finds and fixes software vulnerabilities. Founded in 2024 by four security and engineering veterans - including a former Google Security Engineer and a former Tesla Red Team engineer - ZeroPath replaces noisy legacy SAST tools with an LLM-powered engine that understands code semantics, verifies exploitability, and generates working patches. Within a year of launch, over 1,000 organizations trust ZeroPath to scan more than 200,000 codebases per month.