A fast, open-source, static analysis tool for profoundly improving software security and reliability.

Joined May 2019
We’re growing fast, and we’re looking for builders to join the mission.🌀 We currently have open positions across Engineering, Marketing, Operations, Product, and Sales.  We’re a team that values being audacious, moving fast, and staying relentlessly human. We have hubs in San Francisco, New York, and London. 👉semgrep.dev/about/careers/
Jun 12
🌀We're doing a live demo of everything in Semgrep Summer '26 on June 18th and giving away a Bambu Lab A1 Mini 3D Printer to one attendee. Detection. Triage. Remediation. One system. 60 minutes. You won't want to miss this. Register here👉semgrep.dev/events/semgrep-s…
Jun 11
What do high-performing AppSec teams do differently? Every engineering team has access to security scanning tools. But there is a massive performance gap between the top 15% of AppSec programs ("Leaders") and everyone else ("The Field"). We analyzed anonymized remediation patterns across 50,000 active repositories and 400 organizations over a full calendar year. The data revealed exactly how high-performing teams escape the backlog trap and scale their remediation. Get the full insights now 👇 semgrep.dev/resources/remedi…
Jun 10
What are AI security tools genuinely good at today? Where do they still fail? How are attackers already putting publicly available AI tools to work? Join Dr. Katie Paxton-Fear, Kurt Boberg, and our CEO, Isaac Evans, as they cut through the speculation and share a realistic view of AI-assisted security work. Leave with a clearer understanding of where AI fits into AppSec, and what your team should do next. 👉 Save your spot: semgrep.dev/events/mythos-ai… #ApplicationSecurity #AI #Security
AI security conversations are stuck between hype and panic. Join Dr. Katie Paxton-Fear, Kurt Boberg, and our CEO, Isaac Evans, for a practical discussion on what tools like Mythos, Codex Cyber, and AI harnesses can actually do today, and what security teams should prepare for over the next 12 months. If you're looking for signal over noise, this session is for you. 👉Register now: semgrep.dev/events/mythos-ai… #AppSec #AISecurity #Cybersecurity
Your AI coding agent is constantly introducing security flaws. Semgrep Guardian fixes this. It installs directly into your agent to ensure all AI-generated code automatically aligns with your security policies. It works via three core components:
- MCP Server: Semgrep and your AI agent talk directly to each other.
- Hooks: Automatic scans fire on every single file write.
- Skills: Packaged instructions and scripts that securely extend what your agent can do.
Learn more 👇 semgrep.dev/solutions/semgre…
A big thank you to everyone who joined us for our Black & Blue Security Leaders Dinner and to those who attended Vasilii Ermilov's BSides Vancouver talk, "Can LLMs Really Find IDORs? Limits of AI Security Reasoning." Events like these are a great reminder of how valuable it is to connect with the security community, exchange ideas, and learn from one another. Curious where the Semgrep team is headed next? Check out our events page to see what's coming up👉 semgrep.dev/events/
Your Golden Hour invite is here 🌇 Semgrep and ArmorCode are bringing the security community together after #AWSSummit LA  for an evening above Downtown LA. Join us at Golden Hour LA for craft cocktails, light bites, rooftop views, and conversations with the people shaping the future of AppSec and cloud security. 📆 June 10 at 6:00 PM 🕕 Golden Hour LA Save your seat👉 semgrep.dev/events/sunset-so…
We have been tracking the Miasma/Hades supply chain attack today and over the weekend. We've released new rules for our supply chain customers to cover the additional packages in PyPI this morning, and we will continue to follow the attack as it develops.
Will AI replace AppSec teams? 👀 In the latest episode of Security Rulez, our Security Advocate Dr. Katie Paxton-Fear (@InsiderPhD) sat down with Anshuman Bhartiya (Tech Lead at Lyft) to tackle this exact question. 👇
Heading to AWS Summit LA? After a full day of sessions, come unwind with Semgrep and ArmorCode at Golden Hour LA 🍹 Visit the Semgrep team at Booth #241 during the day for demos, swag, and to meet the team. Then head up to Golden Hour LA for our Sunset Social featuring rooftop views, cocktails, light bites, and an evening with security leaders and practitioners above Downtown LA. 📍 Golden Hour LA 📅 6:00 PM on June 10 Register here to save your seat👉 semgrep.dev/events/sunset-so…
"AI agents are writing code so fast, we can't keep up with the security debt." 🫠 We have the solution: A plugin that lives in your IDE, detecting and resolving the vulnerabilities, malicious packages, and hardcoded secrets before a PR is ever opened.
Engineering teams rarely write in just one language anymore. Semgrep analyzed 448,000 repositories and found that 20% use 2 languages. The hidden friction? Tool Sprawl. Multi-language repos often mean managing an army of individual scanners (Bandit for Python, gosec for Go, and ESLint for JavaScript, etc.). This fragmented approach creates inconsistent workflows and more maintenance.  The solution? A single engine across the full language stack. One config, one integration, one alert format, one suppression syntax. That's Semgrep.
Earlier today Miasma made a comeback on npm after its breach of RedHat's cloud services packages on Monday. This variant is armed with a new spreading mechanism, a bindings.gyp file rather than post/pre-install hooks.
We’re excited to sponsor #AWSSummit New York City at the Javits Convention Center! Stop by booth #144 to see us in action, including live demos with the Amazon Bedrock team on securing your code from commit to cloud. 🎙️Don’t miss our lightning talk at 4 pm, Stop Fighting Security, Start Shipping Secure Code, featuring Semgrep Security Advocate, Space Rogue! Come and learn how teams can move faster while building secure software from the start. Learn more and book time to meet with us!👇 semgrep.dev/events/aws-summi…
We're giving away a Bambu Lab A1 Mini 3D Printer at our Summer '26 Release Webinar on June 18th. All you have to do is show up. While you're there, you'll get a 60-minute live demo of how detection, triage, and remediation work as one system, including 96% autotriage agreement rates, 98% SCA noise reduction, and multi-file code autofix for complex auth issues. Plus a roadmap preview and open Q&A. 📆June 18 at 8am PT Register here👉semgrep.dev/events/semgrep-s…
Your #AWSSummit LA plans just got better ✅ After a full day of sessions, join Semgrep and ArmorCode at Golden Hour LA for rooftop views, craft cocktails, light bites, and great conversation with the security community. Come unwind above Downtown LA, connect with fellow security leaders and practitioners, and enjoy a memorable evening at one of LA’s favorite rooftop spots. 📅 Wednesday, June 10 🕕 6:00 PM  Learn more and save your spot here👉 semgrep.dev/events/sunset-so…
At a conference last year someone asked Austin Theriault for performance advice: "what about continuous profiling for OCaml?" and the answer was "it just doesn't exist." It does now. We've open sourced Pyro Caml, a continuous profiler for OCaml that runs in production, can visualize in flame graphs with Pyroscope/Grafana, and with minimal overhead. It's already helped Semgrep find real bottlenecks that never would have been caught otherwise. semgrep.dev/blog/2026/announ…
Source code breaches have been in the news this week, and for good reason: they can be some of the most devastating breaches for an organization. Our founder and CEO @0xine spoke to @DarkReading and @InfosecurityMag this week, explaining that a source code breach reveals more about the internals of the application and how attackers use those details to their advantage. But how are they using it?