Cycode Acquires Bearer to Deliver AI-Powered SAST and API Discovery to Its Complete ASPM

user profile
Sr. Product Marketing Manager

Cycode + Bearer = Better Together

We are thrilled to announce today that Cycode has entered into a definitive agreement to acquire Bearer and welcome its customers to Cycode. Cycode will combine Bearer’s modern AI-powered SAST, API discovery, and data leak protection solution to extend our complete Application Security Posture Management (ASPM) platform. This strategic move marks a significant leap forward for Cycode, the market leader with the only complete ASPM platform.

With the Bearer acquisition, Cycode will redefine what developers and security teams can expect in terms of speed and accuracy. We have improved upon our quest to deliver an unsurpassed developer experience with AI-driven context for faster remediation and velocity than ever before. The acquisition gives our customers 31% faster scanning speeds and overall reachability capabilities that help Cycode overachieve its mission to deliver safe code, faster. 

Our complete ASPM is built by Cycode and does not rely on any open source scanning capabilities. We have intentionally committed to building our own scanners to ensure the highest quality, coverage, speed, and precision possible. 

Strategic Expansion Strengthens Cycode SAST and API Coverage

Cycode, with Bearer, will redefine the standards of a complete ASPM. The integration of Bearer’s technology into Cycode’s complete ASPM platform marks a significant enhancement in our ability to go deeper on many levels. This acquisition will not only strengthen our existing offerings, but will also introduce new, cutting-edge capabilities, which include the following:

  • Faster Scanning, More Precise Findings, and Better Developer Experience Designed for Speed: Cycode’s complete ASPM platform now scans 31% faster than the competition. This significantly reduces the time to detect vulnerabilities, while also adding unmatched precision in its SAST findings. We help your developers continue shipping with velocity through a best-in-class developer experience. 
  • AI-Powered Code Resolution: With the introduction of Bearer Assistant, Cycode enhances its platform with AI-powered tools that provide automated suggestions for fixing security issues to streamline the remediation process.
  • Data Leak Protection: Security teams gain complete visibility into how sensitive data moves within their applications and APIs, allowing them to mitigate risks and ensure compliance. With Bearer’s comprehensive assessment of over 120 data types (e.g., PII/PHI/PD), security teams can empower developers to build with confidence, speed, and the expertise to track and protect the most sensitive data flows.
    • Advanced API Discovery: Bearer’s API discovery, crucial for the protection of sensitive data in modern applications across third-party services and APIs, strengthens Cycode’s ASPM platform. For example, users now have the ability to identify which repos are using which third-party APIs and whether they are exposed to stored sensitive data. Now you can effectively prioritize what matters most.
  • Powerful Risk Intelligence Graph (RIG): Bearer’s insights enrich Cycode’s RIG, offering a deeper understanding of potential vulnerabilities and enhancing your overall security posture.

Driving Precision with Cycode’s Complete ASPM

The addition of the new functionalities outlined above improves Cycode’s already world-class ASPM platform. This investment in our own scanners means that our results are both faster and more accurate. By both scanning exceptionally fast and eliminating the noise typical of other scanners, we have increased the fidelity of alerts. This means that security teams spends less time chasing down false positives and developers don’t waste precious cycles remediating low impact vulnerabilities.

Because Cycode is a complete ASPM, we allow you to use either our own scanners or connect to tools you already have. This gives you incredible flexibility to meet your AppSec needs, while also leveling up your security posture.

The Cycode ASPM platform delivers everything you need to build a full AppSec program all in one tool. This drastically reduces the number of AppSec tools you need to manage, saving both license costs and the personnel required to manage multiple tools. Furthermore, because Cycode delivers all alerts on one platform, it is able to make deep connections and correlations between security events. The Cycode RIG allows you to use AI and natural language query to access an incredible volume of security data. With Cycode, security teams are able to easily identify the top 1% of all alerts so that remediation efforts can be focused where they have the greatest impact on the business.

Security is a Team Sport

This is a pivotal moment for Cycode. Bearer’s modern SAST, API discovery, and data leak protection technology align perfectly with our commitment to make security a team sport. We provide an easy way for security teams and developers to work together to resolve security vulnerabilities and pay down security debt. Both developers and security teams are supported with AI-driven context for faster remediation and higher velocity than ever before. 

By promoting cross-team collaboration, Cycode helps security and development teams reduce their organization’s overall risk. The end result is that our customers gain peace of mind, which in security is no small feat.

How Cycode Can Help

Cycode is the leading Application Security Posture Management (ASPM) platform providing peace of mind to its customers. Our complete ASPM scales and standardizes developer security without slowing down the business. We deliver safe code faster. The Cycode ASPM platform provides cyber resiliency through unmatched visibility, risk-driven prioritization, and just-in-time remediation of vulnerabilities at scale across the entire SDLC. Cycode’s Risk Intelligence Graph (RIG), the brain behind the platform, provides traceability across the entire SDLC through natural language. With Cycode, enterprises can protect their cloud-native applications ensuring the governance, compliance, and software supply chain integrity of every software release. 

If you’re excited about the possibilities of Cycode now with extended SAST and API coverage and want to learn first hand about how we give you the power to secure your organization, book a demo now.

You can read the full press release here.


The acquisition is expected to close in 2024, subject to the receipt of required regulatory clearances and approvals and the satisfaction of other closing conditions.