Snyk at $326M ARR growing 7% YoY
Jan-Erik Asplund
TL;DR: The developer security category Snyk pioneered has grown crowded with competition from platform bundles like GitHub & Wiz and AI-native startups like Endor Labs. Now, its CEO has stepped down as Snyk looks to reinvent itself for the AI era. Sacra estimates Snyk hit $326M in ARR in February 2026, up 7% YoY. For more, check out our full report and dataset on Snyk.
We first covered Snyk at $250M ARR at the end of 2023, then followed up at $300M ARR in 2024 as its AI-powered code scanner Snyk Code crossed $100M ARR riding the tailwinds of enterprise AI coding adoption via GitHub Copilot and Cursor, offsetting a decline in Snyk's legacy open-source scanning business.
Key points from our March 2026 update via Sacra AI:
- Sacra estimates Snyk hit $326M in annual recurring revenue (ARR) in February 2026, up 7% YoY, decelerating from 27% growth the year prior, with Snyk Code now roughly 40% of total ARR (up from a third in October 2024), valued at $3.7B per BlackRock's most recent mark-down from a $7.4B peak for a ~11x revenue multiple.
- Bundle competition has hit Synk from both directions, with cybersecurity platforms Wiz (Wiz Code), Palo Alto Networks (Prisma Cloud), and CrowdStrike (Falcon ASPM) adding AppSec into cloud security suites that CISOs are already buying, and GitHub Advanced Security embedding scanning natively into the repository where developers already work, resulting in an increasingly crowded & commodified category.
- Built on the shift of app security from security teams to developers, Snyk is now adapting as developers themselves push security down to AI & agentic coding, acquiring Invariant Labs (June 2025), replacing longtime CEO Peter McKay (February 2026) with AI-native leadership, and launching Snyk Evo in beta as a suite of agents for MCP security scanning, LLM injection monitoring, and natural language-based security policies to compete with more AI-native Semgrep (founded 2017, $93M raised, Lightspeed) & Endor Labs (founded 2021, $95M raised, Lightspeed).
For more, check out this other research from our platform:
- Snyk (dataset)
- Wiz (dataset)
- Valimail (dataset)
- Israel's YC of cybersecurity
- Rubrik: the Netflix of data backups
- Zachary Friedman, associate director of product management at Immuta, on security in the modern data stack
- Sam Li and Austin Ogilvie, co-CEOs of Laika, on the compliance-as-a-service business model
- Christina Cacioppo, CEO of Vanta, on the value of SOC 2 compliance for startups
- Shrav Mehta, CEO of Secureframe, on building a TurboTax for security compliance
- How Vanta, Secureframe and Laika are arming the rebels of B2B SaaS
- Rubrik (dataset)
- BigID (dataset)
- Lacework (dataset)
- Noname Security (dataset)
- Cribl (dataset)
- Netskope (dataset)
