CHAPTER 14

Application Security

Application security covers a wide range of solutions. Static and dynamic code scanning (SAST and DAST), application hardening, and adding controls to the development process all fall within the category. This chapter looks at the new vendors applying AI to application security.

Code Review

Code review for security is a special case of application security. Anthropic’s introduction of Claude Code Security in February 2026 is going to disrupt these vendors. Here we include the thirteen vendors that use AI to assist in code review.

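| Company | Country | Investment ($M) | Employees |
|---|---|---|---|
| Gecko Security | USA | - | 4 |
| HoundDog.ai | USA | $3.1M | - |
| Staris | USA | $5.7M | - |
| Corridor | USA | $5.4M | - |
| DryRun Security | USA | $11M | 20 |
| Hopper Security | USA | - | 18 |
| Heeler | USA | $8.5M | - |
| CodeAnt AI | USA | $2.6M | - |
| Delphos Labs | USA | - | - |
| Prime Security | USA | $26M | - |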

Application Security

Another intractable problem faced by security teams resides within the development teams. There is very little motivation for product engineering to shift left and incorporate security checks early in the software development life cycle (SDLC). The field of application security is crowded with 208 vendors. They offer tools for static code analysis (SAST), dynamic code analysis (DAST), software bill of materials (SBOM) management, runtime protection, and many tools that integrate with development environments to catch problems as they are created.

Here are the new entrants in the field of application security that are AI-first.

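| Company | Country | Investment ($M) | Employees |
|---|---|---|---|
| XBOW | USA | $117M | 152 |
| Clover Security | Israel | $36M | 67 |
| Operant AI | USA | $13M | 43 |
| Pixee | USA | $15M | 30 |
| Crash Override | USA | $42M | 30 |
| Nullify | Australia | $17.24M | 29 |
| Ghost Security | USA | $15M | 27 |
| DryRun Security | USA | $11M | 20 |
| Seezo.io | India | $5.32M | 19 |
| Hopper Security | USA | - | 18 |
| Amplify Security | USA | - | 9 |
| Almanax | USA | $1.5M | 8 |
| Gecko Security | USA | - | 4 |
| Theorem | USA | - | 0 |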