Jan-Erik Asplund
TL;DR: Sacra estimates that Snyk hit $300M annual recurring revenue (ARR) in October 2024, up 25% YoY. Snyk Code represents a third of that revenue, crossing $100M ARR and riding the tailwinds of AI-generated code in the enterprise via tools like GitHub Copilot ($400M ARR) and Cursor ($65M ARR). For more, check out our full Snyk report and dataset.
When we first covered Snyk, we estimated that they had crossed $250M in annual recurring revenue (ARR) at the end of 2023, growing 25% YoY.
Now, Sacra estimates that Snyk has crossed $300M in ARR as of October, growing 25% YoY, with tailwinds from the rise of AI code generation—like Cursor ($65M ARR) and GitHub Copilot—in the enterprise.
Key points via Sacra AI:
- Sacra estimates that Snyk passed $300M in annual recurring revenue (ARR) at the end of October 2024, up 25% YoY, with roughly 3,100 customers ($96K average revenue per customer) and 80% gross margins. Compare to cloud security leader Wiz at $500M ARR, up 128% YoY, and Palo Alto Networks (NYSE: PANW) at $8.0B in annual revenue, up 16% YoY.
- Snyk Code, which uses LLMs fine-tuned on Snyk's data to scan a developer's code for vulnerabilities and suggest fixes as they write, grew to a third of revenue at $100M ARR (up 150% YoY), with GitHub Copilot-using enterprises scanning 175% more code through Snyk to contain the security risks from the rise of AI-generated code.The growth of Snyk Code is offsetting a decline in their core product, Snyk Open Source, as developer-centric application security startups like Semgrep (Lightspeed Venture Partners, $93M raised) and Endor Labs (Lightspeed Venture Partners, $95M raised) cut in on their market share with individual developers.
- Snyk is increasingly an enterprise business—enterprise ARR grew 40% and represented 70% of net new ARR in Q2'24 as they acquired companies like Probely (API vulnerability scanning) and Helios (distributed app testing) to sell themselves as a complete developer security platform.All the major cybersecurity platforms are moving to own application security—Palo Alto Networks (with Prisma Cloud), CrowdStrike (with Falcon ASPM), and now Wiz (with Wiz Code)—with Snyk's key differentiation being that they are the only one that started out building for developers.
For more, check out this other research from our platform:
- Snyk (dataset)
- Wiz (dataset)
- Valimail (dataset)
- Israel's YC of cybersecurity
- Rubrik: the Netflix of data backups
- Zachary Friedman, associate director of product management at Immuta, on security in the modern data stack
- Sam Li and Austin Ogilvie, co-CEOs of Laika, on the compliance-as-a-service business model
- Christina Cacioppo, CEO of Vanta, on the value of SOC 2 compliance for startups
- Shrav Mehta, CEO of Secureframe, on building a TurboTax for security compliance
- How Vanta, Secureframe and Laika are arming the rebels of B2B SaaS
- Rubrik (dataset)
- BigID (dataset)
- Lacework (dataset)
- Noname Security (dataset)
- Cribl (dataset)
- Netskope (dataset)
