Checkmarx

Before founding Checkmarx, Maty Siman worked in the Mamram unit of the Israeli Defense Forces (IDF) and later in the Matzov unit. Then he worked a two years term until February 2006 as an advisor at the Israeli Prime Minister's Office. ==History==

Checkmarx was founded in 2006 by Maty Siman and Emmanuel Benzaquen. The following year, it acquired Custodela, DevSecOps consulting firm. Checkmarx was acquired in April 2020 by Hellman & Friedman, a private equity firm with headquarters in San Francisco. In August 2021, Checkmarx acquired Dustico, a software that detects backdoors and malicious attacks in the software supply chain. In 2023, founder Emmanuel Benzaquen stepped down as CEO and was succeeded by Sandeep Johri.' Checkmarx announced in December 2025 that it had acquired Tromzo, a California-based company known for its AI-native autonomous security agents. No financial details were made public. Checkmarx stated that Tromzo’s founders, Harshil Parikh and Harshit Chitalia, together with their full AI engineering team, will transition to Checkmarx’s product and engineering division. Tromzo’s cognitive architecture and reasoning engine will serve as an intelligence layer throughout the Checkmarx One platform and will drive new Assist agents beginning in early 2026. In March 2026, two Checkmarx-maintained GitHub Actions were compromised by threat actors injecting credential-stealing malware which harvested cloud, GitHub, and CI/CD secrets from affected workflows, enabling potential cascading supply-chain compromises. ==Research==

Checkmarx maintains a research division, Checkmarx Zero, that has published findings on vulnerabilities and software supply chain risks: • In 2019, researchers disclosed flaws in Google and Samsung Android camera apps that could enable remote surveillance. • In 2022, Ars Technica reported a flaw in the Ring Android app that exposed sensitive user data. • In 2025, Checkmarx reported malicious Python packages on PyPI designed to exfiltrate data. • In 2025, Cybersecurity Dive reported survey data from Checkmarx indicating that 98% of organizations experienced breaches linked to software flaws. • In 2025, ITProToday covered research warning that AI-generated code creates "blind spots" in DevSecOps. Independent reporting on Checkmarx research also examined manipulation risks in AI coding agents via a "lies-in-the-loop" technique, alongside broader supply-chain findings in public repositories. Survey reporting highlighted that most organizations experienced breaches tied to vulnerable code amid growing adoption of AI development tools. ==Funding==

Checkmarx's early investors include Salesforce, which remains a partner as Checkmarx provides security reviews for the Salesforce AppExchange. In 2015, U.S. private equity and venture capital firm Insight Partners acquired Checkmarx for $84 million. acquired Checkmarx for $1.15 billion. After the acquisition, Insight Partners retained a minority interest in the company. == See also ==