Semgrep – Weekly Recap

Semgrep spent the week sharpening its focus on AI-driven application security and software supply chain risk, unveiling new capabilities and marketing initiatives. The company introduced Semgrep Guardian, a tool that integrates with AI coding assistants such as Claude Code, Cursor, Codex, and Replit to scan code at the moment of generation.

By shifting scanning earlier than traditional pull-request workflows, Semgrep aims to enforce security policies in real time and reduce manual developer intervention. The company emphasizes that this approach could help enterprises cope with the rising volume of AI-generated code while maintaining secure development practices.

Semgrep also highlighted a broader AI-focused strategy, branded as “Mythos,” centered on specialized rulesets for AI security, agent skills, and shadow AI. The platform now combines automated remediation that can create fix pull requests for SAST and SCA findings with performance improvements that reportedly speed scans by up to 50%.

In parallel, the company promoted Semgrep Workflows, a hybrid approach that combines deterministic analysis with AI to better detect business-logic flaws and context-specific vulnerabilities. This framework allows security teams to define Python-based custom steps and integrate Semgrep tools alongside their own stack, targeting scalable deployment in mature DevSecOps environments.

On the supply chain front, Semgrep updated rules in its supply chain security product to detect attacks similar to the recent compromise of the laravel-lang package. The company underscored that attackers’ use of GitHub tag manipulation, rather than clearly malicious version numbers, complicates traditional version-based defenses and demands more granular monitoring.

Customer and community engagement remained an emphasis as Semgrep prepared for a visible presence at the AWS Summit in Los Angeles, including live demos at Booth 241. The firm is also co-hosting a “Sunset Social” networking event with ArmorCode Inc., signaling ongoing investment in partnerships and enterprise pipeline development.

The company continued to build thought leadership through its Security Rulez session focused on how AppSec engineers and leaders should adapt skills in the age of AI-generated code. By convening industry voices around AI, AppSec, and engineering mentorship, Semgrep is reinforcing its brand at the intersection of cybersecurity, developer tooling, and artificial intelligence.

Taken together, the week’s developments suggest Semgrep is deepening its product capabilities in AI-era AppSec, enhancing supply chain protections, and investing in ecosystem and community engagement. These moves may strengthen its competitive positioning and support long-term adoption among security-conscious enterprises.
