Semgrep Raises $100M for AI-Powered Code Security Platform


Semgrep, a San Francisco application security startup with roots in the open-source world, has raised $100 million in a Series D funding round led by Menlo Ventures. 

The capital injection brings the total financing to $204 million as Semgrep added Felicis Ventures, Harpoon Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital to its roster of backers.

Semgrep is marketing an AppSec Platform that promises to help developers and security engineers transition from traditional risk management to proactive security engineering.

Semgrep’s autonomous code security platform promises help with signal-to-noise ratio, prioritization, and the management of a robust enterprise AppSec program.

In a note announcing the new financing, Semgrep CEO Isaac Evans said the company’s focus goes beyond finding code vulnerabilities to providing “autonomous” security functionality — essentially acting like an AppSec engineer that not only flags flaws but also helps prioritize and fix them. 

He said the Semgrep platform combines traditional static analysis with large language models to maintain a balance between deterministic detection (avoiding false positives) and AI-informed context (making it easier for developers to understand and remediate issues).

Competition in the application security space has ramped up in recent years, with established players finding traction with large user bases while newer startups are hyping AI-driven approaches for multiple use cases.

Semgrep’s funding comes shortly after a consortium of vendors launched a fork called Opengrep, leading to fresh debates about open-source licensing and the balance between free community editions and commercial products.


Alongside the funding, Semgrep has added seasoned executives and advisors to guide the company through its next phase of growth. Mark McLaughlin, former CEO of Palo Alto Networks, joins as an angel investor and advisor, while Garrett Souza, formerly of Snyk and Matillion, steps in as Vice President of Sales.

The company plans to invest heavily in AI engineering, program analysis, and developer education.  
