Hopper Team (Gutman & Gottlieb center, L-R)

Hopper emerges from stealth with $7.6 million to rethink open-source security

The company replaces traditional Software Composition Analysis (SCA) tools with a precision-focused platform that detects hidden vulnerabilities, automatically discovers assets, and pinpoints which functions are truly at risk.

Cyber startup Hopper has launched from stealth with $7.6 million in Seed funding to overhaul how open-source security is done. The round was co-led by Meron Capital and New Era, with participation from the Sequoia Scout Fund, M-Fund, and notable tech operators behind exits to AWS, Oracle, Intel, and more.
The company replaces traditional Software Composition Analysis (SCA) tools with a precision-focused platform that detects hidden vulnerabilities, automatically discovers assets, and pinpoints which functions are truly at risk, all without agents or CI/CD changes.
(Photo: Hopper, Inc.)
“We didn’t start Hopper because the world needed another SCA tool,” said co-founder and CEO Roy Gottlieb, a Unit 81 alum and Israel Defense Prize recipient. “We started it because existing solutions overwhelm teams and slow down development. Hopper is built to cut through the clutter, surface real risks, and make open-source security fast, accurate, and developer-friendly.”
Hopper is already used by Fortune 500s and fast-growing tech companies, helping security and engineering teams to replace legacy SCA tools and secure their code with a more ‘developer-aligned’ solution. Before switching, Hopper customers claimed to spend up to 8% of total development time addressing alerts. By improving remediation SLAs, reducing MTTR, and boosting developer productivity, Hopper becomes a cost-reduction tool for the enterprise.
Co-founder Oron Gutman, a veteran vulnerability researcher and two-time Israel Defense Prize winner, helped develop Hopper’s proprietary knowledge base, identifying vulnerable functions across the OSS ecosystem.
Below, Gottlieb explains more about the company:
How was the idea born?
Over the last decade, open-source has transformed from a developer convenience into the foundation of modern software. Its adoption has grown by more than 100 times, and the rise of AI-generated code is pushing that number even higher. As open-source becomes the backbone of innovation, it has introduced new levels of complexity that existing tools struggle to manage effectively.
Open-source security is not new. It has been a core part of security programs for years. But the way most solutions work today does not match the speed or scale of modern development. They generate massive volumes of alerts without enough context to understand which issues actually matter. The result is noise. Engineering time is wasted, product velocity slows, and real risk often goes unaddressed.
At the same time, security programs are becoming more strategic. It is no longer just about coverage. It is about cost, efficiency, total cost of ownership, and return on investment. Leaders want to see impact. They need to know their teams are solving the right problems, not just reacting to everything.
That is why we started Hopper. We saw an opportunity to bring focus, precision, and measurable value back into open-source security. We help teams cut through the noise and focus on what truly matters, so they can move faster and stay secure.
What is the need for the product?
Open-source has become the dominant force in software development, and the rise of AI is pushing adoption even further. Today, AI-generated code routinely pulls in dozens or even hundreds of open source packages in seconds. As a result, the volume, velocity, and complexity of open-source code entering enterprise environments are growing faster than most security programs can handle.
Traditional solutions for managing open-source risk are struggling to keep up. Most generate a high volume of alerts, but offer little insight into what actually matters. Security teams are forced to waste time triaging irrelevant findings. Developers lose confidence in the results and slow down delivery. The inefficiency compounds at scale, draining resources and delaying business outcomes.
At the same time, application security programs are evolving. Organizations are moving beyond basic coverage metrics and shifting toward more strategic goals like cost-efficiency, total cost of ownership, and return on security investment. It is no longer enough to detect every potential issue. Security leaders want to know which risks are real, which require action, and which can be safely ignored.
Hopper addresses this need by bringing precision to open-source risk analysis. Through function-level reachability and deep contextual insight, it filters out the noise and highlights the vulnerabilities that pose a real threat. The result is faster remediation, stronger collaboration between security and engineering teams, and a security program that scales with the business.
How is it changing the market?
For years, Software Composition Analysis (SCA) has focused on identifying every known vulnerability in every package. That approach creates volume, but not value. It floods teams with alerts, most of which are irrelevant, and forces them to act without context. The result is wasted time, unnecessary work, and security programs that are reactive rather than strategic.
Hopper is changing the market by redefining what actionable open-source security looks like. Instead of highlighting every possible issue, it focuses on what is reachable, relevant, and real. This shift allows teams to cut through the noise, prioritize with confidence, and improve remediation outcomes without slowing development velocity.
It is also pushing the conversation forward. As security programs mature, leaders are asking harder questions about efficiency, total cost of ownership, and measurable results. Hopper enables this shift by aligning AppSec with business goals, helping organizations reduce risk while improving speed and productivity. In a market that has accepted noise as normal, Hopper is setting a new standard for clarity and control.
How big is the market for the product and who are its main customers?
The market for securing the software development lifecycle is experiencing significant growth. Whether referred to as application security, product security, DevSecOps, or software supply chain security, the objective remains consistent: safeguarding the integrity of software throughout its development and deployment.
According to IDC, the DevSecOps software tools market is projected to reach $15.6 billion by 2028, reflecting the increasing demand for integrated security solutions in the development process. Similarly, the global application security market is expected to grow from $13.64 billion in 2025 to $30.41 billion by 2030, at a CAGR of 17.39%.
Hopper serves a diverse clientele, ranging from high-growth startups to established enterprises. Notable customers include HPE, a Fortune 500 company, and Mesh Payments, a fintech unicorn. These organizations leverage Hopper to scale their application security efforts effectively, ensuring rapid development without compromising on security.
Who are the main competitors in this sector and how big are they?
The main competitors in this sector include both long-established vendors and newer entrants. Legacy players such as Snyk, Veracode, Checkmarx, Mend, Black Duck, Sonatype, and JFrog have built broad platforms for application security and software composition analysis. Many of these companies are valued in the billions and have large enterprise footprints.
In parallel, newer companies like Endor Labs have entered the market with more modern approaches to open-source risk, reflecting the growing demand for precision, automation, and developer-aligned workflows.
Together, these vendors serve a market that is expanding rapidly as software-driven companies place greater focus on open-source security, compliance, and software supply chain integrity.
What is the added value that the founders bring to the company and the product?
Hopper’s founding team brings together deep expertise in software security, large-scale engineering, and applied research. The engineering leadership includes veterans of both Unit 81 and Unit 8200, Israel’s elite cyber intelligence units, where they led advanced programs focused on vulnerability research, reverse engineering, and complex system exploitation.
Team members also hold advanced academic degrees, including PhDs, with backgrounds in static analysis, systems programming, and compiler theory. This mix of practical and academic experience directly informs Hopper’s technical foundation, particularly in areas like function-level reachability and precision-based vulnerability classification.
On the business side, the leadership team has operated inside fast-paced startups, enterprise security teams, and regulated industries. This perspective provides a clear understanding of how security and engineering teams work, the limitations of current tools, and what it takes to build solutions that align with modern development environments.
Together, the founding team brings the technical depth, operational insight, and domain expertise required to reshape how companies manage open-source risk.
What will the money coming in from the round be used for?
The funding is being used to accelerate Hopper’s growth across product development and go-to-market. On the product side, the company is investing in broader language and framework support, deeper analysis capabilities, and automation to help teams move faster with precision and confidence.
Commercially, the focus is on scaling sales, marketing, and customer success, with an emphasis on expansion in the United States. Every dollar is being invested toward a single goal: making open-source security more accurate, developer-aligned, and effortless to scale across modern engineering organizations.