AI Code Analysis Startup Founded by a Bulgarian Team Gets Acquired by a Cybersecurity Unicorn

DeepCode, an advanced AI-powered platform for code analysis spun off by ETH Zurich and developed by a team of Bulgarian founders has been acquired by Snyk, a company valued at $2.6B whose platform enables developers to quickly fix security vulnerabilities. The financial terms of the agreement have not been disclosed.  

For Snyk, which two weeks ago closed a $200M Series D round and already has over 1.5M developers using their products, this is an opportunity to add next-generation AI capabilities to its portfolio and capture additional market share. 

DeepCode, with over 100k repositories subscribed for its service, goes far beyond a simple debugging tool – its team has built an AI system that can quickly learn from billions of program codes, enabling extremely fast detection of security and reliability code issues. “DeepCode’s AI engine will help Snyk both increase speed and ensure a new level of accuracy in finding and fixing vulnerabilities, while constantly learning from the Snyk vulnerability database to become smarter. This will enhance our solution in two ways. It will enable an even faster integration for developers, testing for issues while they develop rather than as an additional step. And it will further increase the accuracy of our results, almost eliminating the need to waste time chasing down false positives,” says an official statement by Snyk.

On its turn, DeepCode will have the opportunity to integrate its technology into existing Snyk products and move closer to its original goal of impacting millions of users worldwide.  

From a university spin-off to a significant startup exit

While DeepCode was founded in 2016, the research area itself was pioneered at ETH Zurich in 2013 when Veselin Raychev, then a doctoral student of Vechev, and Martin Vechev, Professor at ETH Zurich,  together with collaborators, laid the grounds. They built the first prototypes of AI-based systems that could learn from code by showing how to combine data-driven machine learning methods with static code analysis methods based on symbolic reasoning.

The Bulgarian researchers-entrepreneurs observed that in recent years, developers had produced billions of lines of code, freely available in a number of public repositories, together with corresponding bug reports, fixes and other code-related information. Then, the key idea came – building an AI system that can learn from this new type of data (termed Big Code) and can solve various pressing code quality problems as well as detecting unknown security flaws in programs.

For his work on learning from Big Code, Veselin Raychev received the ETH Zurich medal for an outstanding PhD thesis as well as the prestigious ACM Doctoral Dissertation Award, Honorable Mention (top 3 PhD dissertation in computer science, worldwide). This makes him only the third European PhD graduate in the 40-year history of the award and the first Bulgarian ever.

A natural next step was to build an AI-based code analysis system that worked in production and at scale, with the goal of having it used by every developer and every company that creates software.  This led to the birth of DeepCode, which was co-founded by Raychev, Vechev, and Boris Paskalev, who joined as a CEO. Since then, before its acquisition, the company had managed to attract $5.2M in external funding.

What makes DeepCode such an advanced tool?

The differentiating factor is that unlike prior code analysis engines that require manual,  brittle, handwritten rules, DeepCode is based on learning from data: it automatically processes all code related information and builds predictive models that can be used to detect many more flaws and with accuracy beyond the reach of other commercial systems.

Furthermore, DeepCode’s models are interpretable, meaning that a human can examine the model and introduce changes if needed, a capability beyond any existing modern deep learning models.  This makes DeepCode an instance of a third-generation AI system: it can learn from data (code in this case) yet is human-interpretable. Additionally, DeepCode has made algorithmic advances that made this AI not only more capable than conventional tools, but also orders of magnitudes faster.

Another success story

DeepCode’s acquisition by Snyk is one more big product achievement for the Zurich-based Bulgarian entrepreneurs-scientists.  At the beginning of 2020, ChainSecurity, another startup co-founded by Vechev, this time in a team with Dr. Petar Tsankov, was bought by PwC Switzerland. Several months later Vechev along with three other researchers from ETH Zurich introduced the first high-level quantum programming language – Silq.

Below is more information in regards to the background of DeepCode’s three Bulgarian founders. 

Dr. Veselin Raychev 

Dr. Veselin Raychev obtained his PhD from ETH Zurich in 2016 in the area of machine learning for programs. His doctoral dissertation on this topic was honored by the ACM as one of the best three dissertations in computer science worldwide in 2016. Prior to his PhD, Veselin worked for five years as a software engineer at Google. 

Boris Paskalev

Boris Paskalev has more than 15 years of industry experience in growing technology start-ups to above $1B, business and product development, R&D, global team management, and lean operations. He has an executive MBA from TRIUM as well as MSc and BSc in computer science from MIT. 

Martin Vechev

Martin Vechev is a Professor at ETH Zurich where he leads a group that works on next-generation AI systems, quantum and probabilistic programming. Before ETH, he was a research staff member at the IBM T.J. Watson Research Center, New York and prior to that he obtained his PhD from Cambridge University. His work has received many prestigious awards including the ACM Robin Milner Prize and ERC Starting Grant. He has co-founded three startups in the areas of security and artificial intelligence.