Behind the scenes: DeepCode and Snyk join forces to provide the leading AI-powered developer-first security platform

Only 12 months after we led the $4 million seed financing round in DeepCode (read more about our initial investment here), we are excited to announce that the Zurich-based company has been acquired by Snyk. We at Earlybird are long-term investors who aim to help build category-shaping and ultimately globally-leading technology companies; a “quick flip” was certainly not on our agenda when we first invested. So why are we changing the course after such a short period of time? Well, as it turns out we are still in it for the long run. As opposed to our recent exits in Peak Games, Social Bakers or Vivense, this merger is for several reasons not a typical exit for Earlybird, but rather a continuation. It’s the beginning of the next chapter in an overall story of changing the way software developers work.

First things first: We believe today, more than ever, that technology will drastically change the way software developers design, build, test, deploy and monitor their code. While the overall software market opportunity is expected to reach more than $1.2 trillion by the end of this year, finding and fixing efficiency and security bugs in code provides a cost saving potential of up to $550 billion (more details here). In the course of the last decade, the obviousness of this opportunity has attracted several teams claiming “to intelligently identify bugs and security vulnerabilities”. In reality, however, literally all of the tools we scrutinized as part of our competitive due diligence during 2018 and 2019 relied on deterministic rulesets rather than “intelligence”.

Except DeepCode. Deepcode has been different. From day one. Leveraging the wisdom of the crowd and actively learning from their community enabled DeepCode to gradually grow the size of their ruleset. By having their developers accept or reject recommended rules, their tool continuously improves its quality and only recommends the community’s best practices going forward. This way, their interpretable machine learning based semantic code analysis dramatically reduces both false negatives and false positives. Already at the point in time of our initial investment, their tool outperformed comparable solutions by magnitudes. Scanning code up to 50x faster than alternatives, DeepCode not only provides the most accurate but also the fastest solution enabling real-time workflows. Their technology enables code scanning at the IDE and git level so that developers can seamlessly integrate scanning into their development process in real-time rather than adding interruptive steps. So far, so good. So why then an M&A?

Well, as the German writer Goethe wisely pointed out: ‘There is shadow, where there is light.’ While one of the core differentiators and strengths of DeepCode’s tool has certainly been the fact that their unique technology “learns” from the community, the reliance on its community has also been a constraint up until this stage. With more than 50% of the team holding a PhD and more than 90% of the team being tech and product-focused developers themselves, there has been little focus on building the community and preparing for commercialization. As this is naturally one of the next challenges, the initial partnership discussions with Snyk quickly revealed stronger synergies than expected. Being the global leader in developer-first, cloud native application security, Snyk brings advantages of having built a 1.5 million active user developer community and are primed for commercial distribution, with a total funding of USD 450 million and its recent valuation skyrocketing to USD 2.65 billion. When Snyk, similar to several other global tech leaders who sought out to acquire DeepCode, became aware of DeepCode’s exceptional capabilities as well as the unparalleled performance of their tool, the discussions rapidly evolved and led us to see the potential for a strong win-win scenario.

Circling back to my above statement that we at Earlybird are long-term investors who want to build globally leading tech players, we are — based on our more than 23 years of experience as a VC firm — certainly aware that there are many routes to Rome. Yes, DeepCode could have tried to build its own community and yes, the team could have tried to launch its own commercial operations, but for sure this would have required several years and would have been associated with risks. Similarly, Snyk could have tried to build an equally powerful code analysis tool, but for sure this would have required several years (if even a possibility at all.) Note that DeepCode was started on the back of more than a decade of research, spun off from ETH Zurich. Aware of the time requirements and the risks associated with independently building the respective other parts, we — along with everyone else involved in this merger — strongly believe that the ‘whole will be greater than the sum of its parts’. (Thanks to Aristotle for this timeless phrase.) Together, we start the next chapter of changing the way in which software is built, with an unparalleled AI-powered developer-first software security platform.

Having multiplied our initial investment in DeepCode several times within the course of the last year, we are convinced that there is more to come on our mutual journey with Snyk. We’re excited to support the exceptional team around Snyk’s impressive CEO Peter McKay and become part of a world-class shareholder group including our friends from Accel, Addition, Coatue, GV, Heavybit, Salesforce Ventures, Tiger Global and early backers from Boldstart Ventures and Canaan Partners. Onwards and upwards — let’s build another software powerhouse out of Europe!

Are you a founder, industry expert, VC or researcher interested in the fields of AI, developer tools or open-source business models? I’d be more than happy to learn about your work, so feel free to reach out via andre@earlybird.com.

Liked this piece?
>>Follow me on twitter for more AI, developer tools and VC related stuff.