Find and fix the issues that matter in your code (SAST)
Fix vulnerabilities in open source dependencies and block malware
Find and fix hardcoded secrets with semantic analysis
Automate, manage, and enforce security across your organization
Build and deploy security pipelines that combine static analysis with AI at scale
Secure your code, no matter who (or what) writes it.
Protect against software supply chain attacks
Increase security while accelerating development
Prevent the most critical web application security risks
Protect Your Code with Secure Guardrails
Mitigate software supply chain risks
Increase security while accelerating development
Want to read all the docs? Start here
Get the latest news about Semgrep
See how Semgrep can save you time and money
Join the friendly Slack group to ask questions or share feedback
Join us at a Semgrep Event!
See why users love Semgrep
View our library of on-demand webinars
Last week, London gave us two back-to-back experiences that reminded us why the work we're doing at Semgrep matters, and who we're doing it for. Two events, very different settings, but one clear signal from the security leaders and practitioners we spoke with: the intersection of AI and application security has never felt more urgent.
Having launched the Semgrep Customer Advisory Board with our North American customers in Q4 2025, we crossed the pond to bring the same experience to EMEA. Held at “The Ned” in the heart of the city of London, it was two days of interactive sessions, product deep dives, and genuine conversation that set a new bar for how we engage with our customers.
Customer practitioners, advocates, and security leaders from across EMEA joined us for two days of interactive sessions, product deep dives and roadmaps, breakout discussions, and genuine conversation alongside Semgrep executives, product leads, and engineers.
The day’s events opened with Semgrep co-founder Luke O'Malley sharing his vision on industry trends and the product roadmap. Building on that, we moved into a “Voice of the Customer” session, one of the most energizing parts of the event, where attendees reflected on their Semgrep journeys in small group conversations.
Candid, unfiltered, and exactly the kind of input that shapes what we build next. What came through clearly: AppSec practitioners across EMEA are actively investing in agentic security and mitigating supply chain risk. The afternoon shifted into two parallel deep-dive tracks: one on Agentic Application Security and another on the State of Supply Chain, where customers shared how they're thinking about autonomous detection, triage, and remediation — and what gaps still exist in their security programs.. The day’s events wrapped up with a fireside chat with Dr. Katie Paxton-Fear, Security Advocate and Security Researcher, that brought the room together.
That evening the conversation continued at Luca Restaurant, and it was a night you had to be there for; customers shared what’s working in their organizations as well as the challenges they’re up against. Attendees also forged genuine connections between peers and the Semgrep team.
Day two was equally rich. The morning centered on Semgrep Workflows, combining rule based analysis with AI to detect, triage and remediate vulnerabilities.Customers shared how they're building today, what's working, and where Semgrep needs to go further. The consistent theme: teams want security that is autonomous, accurate, and integrated into how developers already work not bolted on after the fact. That said, autonomy wasn't without nuance as several attendees were clear that a human review step in the loop remains important to them, particularly when it comes to remediation.This shifted to product marketing messaging, with customers weighing in on our AI positioning and maturity narrative. Real feedback, in real time, from the people it matters most to.The CAB doesn’t end here. We look forward to staying closely connected with this group throughout the year, continuing the conversation as we build what’s next together.
Hot off the CAB, the energy continued at the AWS Summit, London. With roughly 20,000 attendees filling the halls, a couple of themes kept coming up in conversation after conversation at the Semgrep booth;
(1) “How do we make security seamless in the SDLC without slowing developers down?”
(2) “How do we do it in an era where AI is generating more code than ever before?”
These questions aren't new, but the urgency behind them is. AI is reshaping how code is written, reviewed, and shipped and as a result, security has to keep pace. As AI coding tools become part of everyday developer workflows, securing AI-generated code has quickly moved from a niche concern to a top-of-mind priority for security teams across the industry. Semgrep is built to answer both questions. By combining rule-based static analysis with AI and agentic reasoning, Semgrep Multimodal finds up to 8x more true positives with 50% fewer false positives — catching the vulnerabilities that neither static analysis nor AI can find alone, without slowing development down. If your team is wrestling with the same challenges, see how Semgrep can help.
The message was clear: teams want speed, they want integrations that meet developers where they already work, and they need broad language coverage with minimal false positive noise.
On that note, we were excited to have Antonio Rodriguez, Amazon Bedrock Specialist, join us at the Semgrep booth to demo code-to-cloud security using AI and AWS services. Together, Semgrep and AWS are helping security teams secure AI-generated code from the moment it's written to the moment it's deployed, combining Amazon Bedrock's AI capabilities with Semgrep's multimodal detection engine to give joint customers a seamless, end-to-end AppSec solution. The demo resonated: attendees saw firsthand how teams can move fast with AI-generated code without sacrificing security posture.
The response reinforced something we already believed: Semgrep is becoming a key AppSec partner for AWS, and the momentum is real. Further reinforcing that momentum, Dr. Katie Paxton-Fear joined us to speak on AI and application security, a timely reminder that AI-driven development risks aren't a future concern. They're here now, and the industry is paying attention. Her key messages: the attack surface is expanding faster than most security teams realise. AI-generated code introduces new classes of vulnerabilities including business logic flaws and broken access control that traditional SAST tools consistently miss.
Following the AWS Summit, we brought the energy off the show floor with an axe throwing experience alongside our partners at Sysdig. A fitting end to a day full of sharp conversations
Two events, one city, one consistent signal: the market is hungry for application security that works with developers, not against them. Ultimately, AI is changing how code gets written, and that means it's changing how code needs to be secured.
We are building for exactly that moment and Semgrep multimodal is at the center of it. Rather than relying on a single method of analysis, Semgrep's multimodal approach combines static analysis, AI-assisted workflows, and supply chain security into one unified platform. The result is security that sees the full picture: the code, the context, and the risk, without slowing teams down. From London to the broader EMEA region, the message is clear: our customers, our partners, and the security community are with us.
We left London energized, and for Semgrep and our EMEA community, this is just the beginning. Up next in EMEA, Semgrep’s heading to:
AWS Summit, Stockholm (May 7, Stand B12),
Infosecurity Europe, London, (June 2-4, 2026)
OWASP Global AppSec EU in Vienna (June 25–26)
If you're attending, come find us. Each event is another opportunity to deepen the relationships we're building across EMEA and keep the conversation going with the security community that's shaping this industry.
.jpg)
