Semgrep is a San Francisco application-security company that builds a unified AppSec platform (Code/SAST, Supply Chain/SCA, and Secrets) used by engineering teams at Dropbox, Figma, Snowflake and others. Born out of an open-source tool originally written at Facebook, it lets security teams write code-like rules and ship them through CI - cutting false positives and pushing fixes back to developers.
Isaac Evans is the Founder and CEO of Semgrep, the developer-first application security platform that has redefined how modern engineering teams handle code security. An MIT-trained computer scientist with a background in U.S. Department of Defense security research, Evans co-founded Semgrep in 2017 with college roommates Drew Dennison and Luke O'Malley. Under his leadership, Semgrep grew from a niche static analysis tool into a platform scanning 75+ million code repositories annually, serving customers like Figma, Dropbox, Slack, and Snowflake. In February 2025, the company closed a $100M Series D led by Menlo Ventures, bringing total funding to $193M. Evans's core thesis - that security must serve developers, not obstruct them - has made Semgrep a defining force in the AppSec category.
ZeroPath is an AI-native application security platform that automatically finds and fixes software vulnerabilities. Founded in 2024 by four security and engineering veterans - including a former Google Security Engineer and a former Tesla Red Team engineer - ZeroPath replaces noisy legacy SAST tools with an LLM-powered engine that understands code semantics, verifies exploitability, and generates working patches. Within a year of launch, over 1,000 organizations trust ZeroPath to scan more than 200,000 codebases per month.