Startup Diligence
Diligence report Enterprise Tech; developer security; AI application security; software supply-chain security Late-stage private unicorn

Snyk

Snyk Public-Source Startup Diligence Report

Snyk is a scaled developer-security platform in a strategically important category: AI-assisted secure software development, open-source supply-chain risk, container/IaC security, and application risk management. The upside case depends on durable enterprise retention, platform attach, AI remediation efficacy, and ability to defend pricing against bundled platform-native tools and cloud-security suites.

Company profile

Snyk Public-Source Startup Diligence Report

Track with high-priority financial, customer, competitive, and legal diligence before any investment decision. Public evidence supports Snyk as an active, late-stage private developer-security unicorn with broad product and enterprise traction, but the most material underwriting inputs remain private.

Website
snyk.io
Sector
Enterprise Tech; developer security; AI application security; software supply-chain security
Geography
United States headquarters in Boston with UK legal entity and global offices
Stage
Late-stage private unicorn
Known aliases
Snyk Limited, SNYK LIMITED, Snyk, Inc., DeepCode, Fugue, Probely
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • Snyk appears on CB Insights current unicorn list at $7.40B valuation.
  • Snyk publicly offers a broad developer-security product platform.
  • Snyk has public Free-to-Enterprise packaging.
  • SNYK LIMITED is active at Companies House and Snyk states it has a global team over 1,000 employees.

Risks

  • Valuation, preference-stack, and financing terms are opaque.
  • Revenue quality, profitability, and SaaS unit economics are not public.
  • Crowded AppSec and developer-security competition may pressure growth and pricing.
  • Customer concentration, renewal quality, and churn are not publicly visible.
  • Privacy, security, and regulated-enterprise obligations require private review.

Gaps

  • Audited financial statements, ARR bridge, NRR/GRR, gross-margin waterfall, CAC/payback, collections, and cash runway.
  • Current cap table, preference stack, debt/warrants, secondaries, option pool, and employee-equity repricing or retention analysis.
  • Top-customer ARR, renewal schedule, churn reasons, direct references, support history, and customer security exceptions.
  • Win/loss, market share, competitor-specific pricing pressure, AI remediation benchmarks, and module-level product telemetry.
  • Full legal entity chart, litigation and demand-letter register, IP assignments, OSS compliance audit, DPAs, audit reports, insurance, and incident history.

Recommended next steps

  • Condition further diligence on a financial data room covering audited financials, ARR/retention, gross margin, bookings/billings, cash runway, and financing documents.
  • Run customer diligence on top accounts and selected churned/lost prospects, focusing on concentration, renewal risk, module attach, procurement pressure, and Snyk-vs-bundled-tool tradeoffs.
  • Run product/technology diligence on AI remediation quality, vulnerability-intelligence provenance, product telemetry, security architecture, incident history, and roadmap delivery.
  • Run legal diligence on corporate structure, IP ownership, OSS/data rights, customer contracts, DPAs/subprocessors, SOC2/ISO/FedRAMP evidence, insurance, employment, and litigation.

Risk register

high high likelihood

R-003: Crowded AppSec/developer-security competition may pressure growth and pricing

Snyk competes against platform-native tooling, legacy AppSec suites, CNAPP/ASPM vendors, secrets scanners, and AI security entrants.

Diligence request: Review win/loss, competitor displacement, pricing and discounts, analyst reports, and churn reasons by competitor.

high high likelihood

R-010: Fast-moving AI security threat landscape

AI-assisted development and attacker automation can both increase demand and accelerate product-obsolescence risk if Snyk remediation accuracy or coverage lags.

Diligence request: Evaluate AI roadmap, model/data rights, accuracy benchmarks, security research cadence, and competitive AI-native alternatives.

high medium likelihood

R-001: Valuation, preference-stack, and financing opacity

CB Insights shows a $7.40B current valuation and $1.247B total raised, while secondary evidence reports a prior $8.5B valuation. Without round documents, preference stack, secondary-sale detail, and runway data, investor-return and employee-equity implications cannot be assessed.

Diligence request: Review full cap table, round documents, liquidation preferences, debt/warrants, secondaries, cash runway, and board financing plan.

high medium likelihood

R-002: Revenue quality, profitability, and SaaS unit economics are not public

Secondary public revenue/loss figures are not enough to validate ARR quality, margin profile, retention, CAC, payback, or cash conversion.

Diligence request: Obtain audited statements, ARR bridge, cohort retention, gross-margin waterfall, CAC/payback, billings/collections, and cash-flow model.

high medium likelihood

R-005: Customer concentration and retention are opaque

Named customers and case studies support enterprise traction, but account-level ARR, renewal dates, churn, NRR, and logo-rights status are not public.

Diligence request: Request top-customer ARR, renewal schedule, churn logs, NRR/GRR cohorts, and direct references.

high medium likelihood

R-006: Privacy, security, and regulated-enterprise obligations require document review

Public pages cite compliance and security posture, but audit reports, DPAs, subprocessors, incident history, and customer-specific exceptions are private.

Diligence request: Review SOC2/ISO/FedRAMP evidence, DPAs, subprocessors, incident/breach logs, export-control analysis, and regulated-customer contracts.

medium medium likelihood

R-004: AI and remediation efficacy must be proven quantitatively

Public product claims establish product modules and AI positioning, but not false-positive rates, model governance, fix acceptance, or customer outcome repeatability.

Diligence request: Review product telemetry, scan/fix benchmarks, AI model governance, incident history, and reference calls.

medium medium likelihood

R-008: Leadership transition and workforce trend ambiguity

Snyk currently lists an interim CEO/CFO, while headcount public anchors differ between a 2022 secondary count and current careers language.

Diligence request: Review CEO succession, executive retention, headcount bridge, attrition, restructuring, and employee morale data.

Chapter 01

01Financial Information

Snyk is a late-stage private security-software unicorn with public valuation and funding signals but no public audited financial package, ARR bridge, gross-margin detail, cohort retention, cap table, debt schedule, or runway disclosure.

I.A Historical financial statements and quality of earnings

partially verified confidence: medium

Secondary sources report revenue and loss, but audited financials, ARR, margin, burn, and cash conversion are not public.

Evidence gaps

  • Audited 2022-2025 financial statements, monthly management accounts, ARR bridge, deferred-revenue roll-forward, gross margin by product, and cash model.

Hidden risks

  • Revenue quality or retention may differ materially from valuation assumptions.
  • Cash runway and financing contingency cannot be assessed from public sources.

Follow-up questions

  • Provide audited statements, management reporting packs, ARR/NRR by cohort, gross-margin bridge, CAC/payback analysis, and cash-burn forecast.
Public revenue, profitability, and unit-economics signals
metricpublic signalverification statusdiligence request
RevenueSecondary source reports US$220M revenue for 2023.partially_verifiedAudited revenue by month, SKU, region, customer segment, and contract type.
Net income / lossSecondary source reports US$176M net loss for 2023.partially_verifiedAudited income statement, cash-flow statement, EBITDA bridge, non-cash adjustments, and one-time items.
ARR / NRR / gross retentionNot disclosed publicly.not_publicly_verifiableARR bridge, NRR/GRR by cohort, logo churn, expansion, contraction, and downgrade reasons.
Gross margin and unit economicsPricing ladder indicates SaaS plans but not economics.not_publicly_verifiableCOGS by product, cloud spend, support cost, CAC, payback, LTV/CAC, and services mix.

Public financial signals are insufficient for valuation underwriting.

I.B Financing history and capitalization

partially verified confidence: medium

Public sources support unicorn status and funding scale, but round documents and capitalization economics are private.

Evidence gaps

  • Round documents, investor consents, option-pool detail, fully diluted capitalization, debt schedule, warrants, and liquidation preference stack.

Hidden risks

  • A valuation below a prior peak signal could create employee-equity, preference, and exit-waterfall complexity.

Follow-up questions

  • Provide current and pro forma cap table, financing documents, investor-rights agreements, debt/credit agreements, warrant schedules, and option-pool history.
Public funding and valuation history
dateeventamount or valuationdiligence caveat
2020-01-21CB Insights unicorn tracker date joined.$7.40B valuation in current tracker.Verify valuation methodology, last priced round, and current preference stack.
Current profileCB Insights company profile funding signal.$1.247B total raised per profile.Does not disclose preferences, debt, secondaries, warrants, or runway.
2021Secondary source peak valuation signal.$8.5B valuation signal reported by Wikipedia for a $300M round.Obtain original round documents and board materials; treat as secondary until verified.

Public financing records are incomplete; do not infer full capitalization.

Snyk public financing timeline Public financing and corporate-history anchors used for financial diligence scoping.

Financing documents are required for final underwriting.

Public valuation anchor chart Sparse public valuation anchors show the need to reconcile current database valuation with prior priced-round evidence.

Treat the line as a sparse anchor chart, not a continuous valuation series.

Chapter 02

02Products

Snyk offers a broad developer-security platform covering code, open-source dependencies, containers, IaC, and application risk management. Product breadth is well evidenced by company pages; product-level ARR, usage, remediation efficacy, and AI governance remain private.

II.A Product portfolio and core capabilities

verified confidence: high

Public product pages evidence a multi-module platform across SAST/code scanning, SCA/license risk, containers, IaC, and AppRisk.

Evidence gaps

  • Product-level ARR, active projects/repos, scan volumes, false-positive rates, fix acceptance, SLA history, and roadmap delivery metrics.

Hidden risks

  • Product breadth may mask uneven module adoption or weak attach rates.
  • AI remediation claims may create accuracy and liability exposure.

Follow-up questions

  • Provide ARR by module, usage telemetry, remediation accuracy, false-positive rates, AI governance, incident history, and roadmap completion history.
Product and SKU matrix
modulepublic capabilitydiligence test
Snyk CodeCode scanning/SAST and AI-assisted fixes.Measure false positives, fix acceptance, language coverage, scan latency, and secure-code AI governance.
Snyk Open SourceDependency vulnerability and license-compliance management.Verify vulnerability database quality, license coverage, SBOM output, and remediation accuracy.
Snyk ContainerContainer image and Kubernetes security.Benchmark image scanning, base image recommendation value, registry coverage, and runtime relevance.
Snyk IaCInfrastructure-as-code misconfiguration detection.Verify policy coverage, developer workflow adoption, and cloud misconfiguration outcomes.
Snyk AppRiskApplication risk management, asset discovery, and prioritization.Verify asset coverage, prioritization accuracy, executive dashboard adoption, and CNAPP/ASPM overlap.

Product existence is public; adoption and economics are private.

Snyk platform architecture map Public product modules map into developer workflows and security governance.

Architecture is inferred from public product pages.

II.B Packaging, pricing, and buyer fit

verified confidence: high

Snyk discloses a Free, Team, Ignite, and Enterprise ladder, but discounting, utilization, and plan-level economics are not public.

Evidence gaps

  • Contract-level pricing, discount bands, paid-seat utilization, SKU attach, overage economics, services revenue, and enterprise procurement terms.

Hidden risks

  • Competitive discounting or low seat utilization could pressure revenue quality.

Follow-up questions

  • Provide pricing waterfall, discount bands by segment, usage-to-entitlement analysis, packaging migration history, churn by plan, and expansion by SKU.
Public packaging and pricing signals
plantarget customerpublic featuresdiligence gap
FreeIndividual developers and small teams.Entry-level scanning and developer adoption.Conversion rate, support burden, abuse controls, and paid-upgrade paths.
TeamDevelopment teams.Team-level Snyk security coverage.Paid-seat utilization, churn, ARPU, and discounting.
IgniteOrganizations with under 50 developers.Broader governance and reporting for smaller organizations.Upgrade rate to Enterprise, margin, and discounting by account size.
EnterpriseLarge organizations.SSO, SBOMs, compliance, reporting, data residency, and FedRAMP options.ACV, renewal uplift, security addenda, DPAs, and procurement exceptions.

Public plan labels do not reveal realized economics.

Chapter 03

03Customer Information

Public customer evidence supports a broad enterprise security customer base with named examples and vendor-published outcomes. Customer concentration, retention, NPS, contract terms, renewal calendar, and reference quality remain private.

III.A Customers, case studies, and references

partially verified confidence: medium

Snyk publicly cites hundreds of organizations and named customers, but ARR concentration and active status need direct validation.

Evidence gaps

  • Customer-level ARR, top-20 concentration, renewal dates, churn history, NPS, support tickets, contract obligations, and reference permissions.

Hidden risks

  • Public logo evidence may include inactive, low-ARR, or narrow-scope accounts.

Follow-up questions

  • Provide top-50 customer ARR, renewal schedule, NRR/GRR cohorts, churn reasons, support history, NPS, and permissioned customer references.
Public customer and case-study evidence
customerpublic use case or outcomediligence request
SkyscannerVendor-published case study says nearly 500 projects were monitored and security shifted left.Obtain direct customer reference and contract metrics.
OktaCustomer quote tied to Snyk Code / AI static analysis appears on Snyk customer page.Confirm usage, ARR, renewal status, and procurement terms.
ICE / NYSECustomer page cites TEI benefits and remediation-speed claims.Review underlying study, implementation scope, and contract value.
Google, AB InBev, Spotify, Snowflake, Komatsu, TechnologyOne, LabelboxNamed examples appear on Snyk customer/about pages.Confirm active status, ARR, renewal, scope, and logo rights.

Vendor-published customer evidence is not a substitute for reference calls.

Public customer evidence concentration chart Public references are logo/case-study evidence, not revenue concentration.

Customer evidence is vendor-published and should be reference-checked.

III.B Partners, integrations, and supplier dependencies

verified confidence: high

Snyk has broad integration and partner evidence, which creates both distribution leverage and platform-dependency exposure.

Evidence gaps

  • Partner pipeline/revenue, reseller contracts, marketplace performance, co-sell terms, supplier concentration, cloud spend, and subprocessor list.

Hidden risks

  • API, marketplace, or platform-policy changes could affect workflow access or competitive positioning.

Follow-up questions

  • Provide partner-sourced revenue, reseller terms, integration usage by account, API dependency map, cloud/infrastructure spend, and business continuity plans.
Strategic relationships and integration dependency map
relationship categoryexamples publicly visiblebusiness rolediligence gap
Source-code managementGitHub, GitLab, Bitbucket, Azure Repos.Core developer workflow entry point.API dependency, marketplace performance, change-of-policy risk, co-sell or partnership terms.
CI/CD and issue trackingJenkins, Jira and workflow tooling categories.Remediation workflow and developer notification.Integration usage by account, maintenance burden, and partner SLAs.
Cloud, registry, and container ecosystemAWS, Azure, Google Cloud, Docker, Kubernetes categories.Container, IaC, and cloud-risk coverage.Cloud marketplace ARR, registry API limits, policy dependencies.
Reseller / solution partner ecosystemSnyk partner directory categories.Implementation and channel reach.Partner-sourced bookings, margin, rev-share, partner concentration.

Integration breadth creates both distribution and operational dependency.

Chapter 04

04Competition

Snyk operates in a crowded application-security and developer-security market spanning GitHub/GitLab-native tools, legacy AppSec vendors, cloud-security platforms, secrets scanners, and newer AI security entrants. Public evidence supports competitive breadth but not market share, win rates, or pricing pressure.

IV.A Competitive set and market positioning

verified confidence: medium

CB Insights and Snyk comparison pages identify a broad competitive set across platform-native, legacy AppSec, and specialized developer-security tools.

Evidence gaps

  • Market share, win/loss, competitor replacement source, discounting, proof-of- concept conversion, and analyst-report detail.

Hidden risks

  • Bundled tools from SCM and DevOps platforms may lower buyer willingness to pay for standalone developer-security products.

Follow-up questions

  • Provide win/loss by competitor, pipeline displacement data, discount approval logs, proof-of-concept conversion rates, and competitive churn reasons.
Competitor comparison matrix
competitor or categorysegment overlapSnyk positioningdiligence question
GitHub Advanced Security / SCM-native securityCode scanning, dependency scanning, secret scanning, developer workflow.Independent multi-platform developer security.Win/loss versus bundled SCM security and attach/renewal impact.
GitLab securityDevSecOps platform-native security.Cross-platform breadth and remediation.Budget displacement versus bundled DevOps suites.
Veracode and legacy AppSec suitesSAST, SCA, enterprise AppSec governance.Developer-first workflow and remediation.Replacement versus coexistence, regulated-enterprise preferences, price pressure.
GitGuardian and specialized developer-security vendorsSecrets, code risk, and adjacent developer workflows.Broader platform breadth.Need specialized acquisitions or integrations for best-of-breed gaps.

Vendor comparison pages are useful positioning evidence but not neutral win-rate data.

Developer-security competitive market map Public competitor map by platform breadth and developer-workflow depth.

Requires win/loss and customer validation.

IV.B Basis of competition and pricing pressure

inconclusive confidence: medium

Competition likely centers on developer workflow depth, platform breadth, AI remediation quality, enterprise trust, and bundled-platform economics.

Evidence gaps

  • Competitive win-rate data, customer replacement maps, pricing benchmarks, buyer-budget wallet share, and competitor discounting.

Hidden risks

  • A large competitor could bundle enough security capability to cap Snyk pricing.

Follow-up questions

  • Provide segmented win/loss, competitor pricing benchmarks, renewal discount analysis, roadmap response to GitHub/GitLab/Wiz/legacy suites, and buyer-budget analysis.
Basis of competition scoring
axisSnyk public positioncompetitor pressurefollow up
Developer workflow breadthStrong public evidence across SCM/CI/CD/IDE/container/cloud integrations.Bundled SCM/DevOps platforms.Measure active usage and attach by integration.
Platform breadthCode, SCA, Container, IaC, AppRisk.CNAPP, ASPM, AppSec suites, point tools.ARR and retention by module.
AI remediationAI security and DeepCode-style positioning.AI coding assistants and AI-native AppSec entrants.Model evals, fix acceptance, liability terms.
Enterprise trust/complianceSOC2/GDPR/ISO/FedRAMP/data-residency signals.Established AppSec and cloud-security vendors.Review audit reports and customer security exceptions.

Scoring is analyst judgment from public evidence and requires customer validation.

Chapter 05

05Marketing, Sales, and Distribution

Snyk appears to combine developer-led adoption, freemium/low-friction plans, enterprise sales, partner/integration channels, and customer proof. The public channel map is credible, but pipeline conversion, sales efficiency, partner contribution, and demand-generation ROI are not public.

V.A Go-to-market motions

partially verified confidence: medium

Public plans and integrations support product-led and developer-led entry with enterprise conversion paths.

Evidence gaps

  • Sales headcount by segment, pipeline source, conversion rates, partner-sourced bookings, average sales cycle, and enterprise seat utilization.

Hidden risks

  • Sales productivity or partner contribution may be weaker than implied by product and logo breadth.

Follow-up questions

  • Provide pipeline source mix, funnel conversion, ACV and sales cycle by segment, partner-sourced ARR, win-rate by channel, self-serve-to-enterprise conversion, and sales capacity plan.
Distribution channels and GTM motions
channelpublic signallikely rolediligence metric needed
Developer-led free/self-serveFree plan and developer workflow integrations.Usage seeding and product-led acquisition.Free-to-paid conversion, active usage, abuse/support costs.
Team and Ignite paid plansPublic Team and Ignite packaging.Paid expansion and land-and-expand bridge.ARPU, churn, conversion to Enterprise, utilization.
Enterprise direct salesEnterprise plan, compliance capabilities, and named customers.Primary large-account monetization.ACV, sales cycle, pipeline coverage, discounting, win/loss.
Partner/reseller/integration ecosystemPartner directory and integrations.Distribution leverage and platform stickiness.Partner-sourced pipeline, reseller margin, marketplace revenue.

Channel weights are not disclosed publicly.

GTM channel mix diligence chart Public channel evidence exists, but channel revenue weight is not disclosed.

Channel mix cannot be estimated responsibly from public evidence.

V.B Marketing signals and enterprise procurement

partially verified confidence: medium

Category positioning, comparison pages, customer proof, and compliance claims support enterprise demand generation but not conversion economics.

Evidence gaps

  • Marketing spend, MQL-to-SQL conversion, channel CAC, event ROI, brand-search trends, procurement redlines, and security exception logs.

Hidden risks

  • Enterprise redlines, DPAs, and security exceptions may slow sales cycles or increase liability exposure.

Follow-up questions

  • Provide demand-generation spend by channel, source-to-close attribution, CAC by channel, web conversion, procurement redlines, and security exception history.
Public marketing-signal summary
signalevidenceinterpretationdiligence gap
Category positioningAI security company and developer-security platform language.Snyk is refreshing AppSec positioning around AI and developer workflows.Message testing, pipeline influence, brand-search conversion.
Customer proofNamed customers and case-study outcomes.Supports enterprise credibility but is vendor-curated.Reference calls, logo-rights agreements, active-customer status.
Competitive landing pagesComparison pages against GitHub Advanced Security, Veracode, GitLab.High-intent acquisition and differentiation tactic.Traffic, conversion rate, influenced pipeline, competitor-specific win rates.
Enterprise trustPublic security/compliance posture and data-residency features.Security posture likely supports enterprise procurement.Audit packages, security exceptions, DPAs, and procurement redlines.

Marketing efficiency cannot be inferred from public evidence alone.

Chapter 06

06Research and Development

Snyk product pages and IP signals indicate ongoing R&D investment in AI-assisted developer security, AppRisk, SCA, containers, and IaC. Public sources do not disclose engineering headcount allocation, model governance, vulnerability-research process, roadmap commitments, or R&D accounting.

VI.A R&D organization and product pipeline

partially verified confidence: medium

Public product pages show a multi-module R&D surface, but technical execution and roadmap evidence remain private.

Evidence gaps

  • Engineering headcount by module, R&D budget, roadmap burnup, technical-debt backlog, model governance, and vulnerability-research process.

Hidden risks

  • Weak model governance or vulnerability-intelligence provenance could undermine customer trust.

Follow-up questions

  • Provide R&D headcount by team, roadmap and delivery metrics, AI/model governance, vulnerability-research process, technical-debt register, product incident history, and R&D capitalization policy.
Public product and R&D pipeline map
initiativepublic statusRnD question
AI-assisted code remediationMarketed via Snyk Code and AI positioning.Fix acceptance, model accuracy, secure-code outcomes, liability boundaries.
Application risk managementSnyk AppRisk product page.Asset discovery accuracy, prioritization quality, integration maintenance.
SCA/SBOM/license governanceSnyk Open Source and plan features.License data accuracy, vulnerability feed quality, SBOM adoption.
Container and IaC expansionContainer and IaC product pages.Cloud-provider coverage, Kubernetes relevance, drift/runtime signal, CNAPP overlap.

Roadmap and delivery metrics are private.

R&D portfolio map Public R&D surface derived from product modules and IP signals.

Technical diligence should inspect telemetry and architecture, not just product pages.

VI.B Technology defensibility and intellectual property

partially verified confidence: medium

Public IP signals exist, but patents, trademarks, assignments, OSS obligations, and AI/data rights require legal/technical review.

Evidence gaps

  • Patent applications, assignment history, employee invention agreements, OSS license scans, third-party code provenance, AI training-data rights, and trade-secret procedures.

Hidden risks

  • OSS or data-rights gaps could affect a developer-security business that scans code and depends on vulnerability intelligence.

Follow-up questions

  • Provide patent portfolio report, invention assignments, OSS license audit, AI training-data provenance, security research IP ownership, third-party code provenance, and litigation/non-infringement analysis.
Technology defensibility and IP review table
signalpublic evidencerisk or opportunitydiligence request
PatentsCB Insights reports 9 patents filed.Some visible IP footprint, but claim scope unknown.Patent family list, assignments, prosecution status, claim chart, FTO review.
TrademarksJustia search results show SNYK and related marks.Brand and acquisition-history assets need chain-of-title review.Official trademark files, renewals, assignments, oppositions, and mark-use evidence.
AI/security data assetsSnyk positions AI-assisted code security and vulnerability management.Potential differentiation and liability/data-rights exposure.Model cards, data provenance, evaluation metrics, vulnerability database licenses.
Open-source complianceSnyk Open Source and license-compliance product positioning.Product credibility depends on license-data accuracy and internal OSS compliance.Internal OSS audit, third-party code provenance, and customer deliverable review.

IP and OSS claims require counsel and technical audit.

Chapter 07

07Management and Personnel

Snyk has public evidence of scale, global offices, a 1,000+ employee base, and a current leadership roster. A notable diligence item is leadership transition because current Snyk pages list Ken MacAskill as interim CEO/CFO while some secondary sources may still show prior CEO information.

VII.A Leadership team and board

verified confidence: high

Current Snyk leadership pages list an interim CEO/CFO and a senior leadership roster; board pages list founder and investor/operator directors.

Evidence gaps

  • Board minutes, succession plan, executive employment agreements, compensation, retention grants, option repricing, and key-person insurance.

Hidden risks

  • Interim CEO/CFO role combination can create succession, bandwidth, retention, and customer-confidence questions.

Follow-up questions

  • Provide management org chart, succession plan, executive agreements, compensation/retention plan, board minutes for CEO transition, key-person coverage, and option refresh/repricing details.
Senior management and board roster
namepublic rolesourcediligence focus
Ken MacAskillChief Executive Officer & CFO; described as interim CEO.Snyk leadership page.Succession plan, CFO bandwidth, CEO transition, retention plan.
Lindsey BennettChief Accounting Officer.Snyk leadership page.Accounting controls, close process, audit readiness.
Diana BrunelleChief People Officer.Snyk leadership page.Attrition, hiring plan, compensation, culture.
Manoj NairChief Innovation Officer.Snyk leadership page.R&D roadmap and AI/product governance.
Tom NielsenChief Revenue Officer.Snyk leadership page.GTM productivity, pipeline, renewals, customer concentration.
Guy PodjarnyChairman & Founder.Snyk board page.Founder continuity, governance, IP assignment, strategic oversight.

Public role list should be validated against management org chart and board materials.

Public leadership and governance org chart Current public leadership/board structure from Snyk pages.

Verify current reporting structure and succession plan with company records.

Public headcount anchor chart Public headcount anchors suggest scale and possible trend ambiguity.

Requires HRIS/payroll validation.

VII.B Headcount, hiring, and geographic footprint

partially verified confidence: medium

Snyk states it has a global team over 1,000 employees and global offices; a secondary 2022 employee count should be reconciled to current headcount.

Evidence gaps

  • Actual headcount by function/region, contractor count, attrition, hiring plan, office commitments, layoffs/restructuring history, and employee claims.

Hidden risks

  • The apparent gap between 2022 and current public headcount anchors could reflect layoffs, stale data, contractor definitions, or changed disclosure.

Follow-up questions

  • Provide headcount bridge, attrition and regretted-loss data, contractor/vendor population, hiring plan, restructuring history, office leases, and employee engagement survey summaries.
Headcount and geography signals
signalpublic valuesourcediligence caveat
Employee count 20221,400 employees in secondary source.Wikipedia.Definition and date require company confirmation.
Current public headcount languageGlobal team of over 1,000 employees.Snyk careers.May indicate contraction or definitional difference versus 2022 secondary figure.
Headquarters and officesBoston headquarters; offices include Boston, Bucharest, Cluj, Lisbon, London, Ottawa, Singapore, Sydney, Tel Aviv, Tokyo, Zurich.Snyk about.Lease commitments and employment-law exposure require review.

Headcount trend requires company payroll and HRIS records.

Chapter 08

08Legal and Related Matters

Snyk is an active private company with public privacy, terms, security, compliance, and trademark evidence. No legal clearance should be inferred: litigation, customer obligations, employment matters, IP chain of title, DPAs, subprocessors, insurance, sanctions/export controls, and regulatory correspondence require private review.

VIII.A Corporate status, litigation, and entity structure

partially verified confidence: high

Companies House confirms SNYK LIMITED is active, but global entity structure, litigation, claims, insurance, and change-of-control consents are not public.

Evidence gaps

  • Full entity org chart, charter documents, board/investor consents, litigation dockets, settlement agreements, insurance policies, loss runs, and claims logs.

Hidden risks

  • Unseen disputes, indemnity claims, insurance exclusions, or entity-level consent rights could affect transaction risk.

Follow-up questions

  • Provide entity chart, constitutional documents, board minutes/consents, investor approval rights, counsel-run docket searches, claims register, settlements, insurance policies, and loss runs.
Corporate and litigation diligence table
matterpublic statusverification statusdiligence request
SNYK LIMITED corporate statusActive private limited company incorporated 2015-07-09.verifiedFull legal entity chart and all material subsidiaries/branches.
Pending lawsuits against SnykNo comprehensive docket search available in this run.not_publicly_verifiableCounsel-run docket searches in US, UK, EU, Israel, and material operating jurisdictions.
Threatened claims, settlements, indemnities, insuranceNot public.not_publicly_verifiableClaims register, demand letters, settlement agreements, indemnity notices, cyber/E&O/D&O policies, and loss runs.

Absence of public docket review is not legal clearance.

Legal and regulatory diligence timeline Public legal/IP/compliance milestones visible from accessible sources.

Legal timeline is not a docket or clearance opinion.

VIII.B IP, privacy, security, and regulatory obligations

partially verified confidence: medium

Public sources show trademarks/patent signals and compliance/security posture claims, but detailed IP, OSS, DPA, audit, incident, and regulatory materials require private review.

Evidence gaps

  • Patent/trademark files, IP assignments, OSS audit, AI/data rights, SOC2/ISO evidence, FedRAMP package, DPAs, subprocessor list, incident history, export controls, and regulated-customer obligations.

Hidden risks

  • Code scanning, vulnerability intelligence, and AI remediation create sensitive data, IP, privacy, and contractual risk surfaces.

Follow-up questions

  • Provide IP schedule, assignment agreements, OSS compliance audit, data licenses, AI input/output policies, SOC 2/ISO/FedRAMP evidence, DPAs, subprocessors, incident logs, and export-control assessment.
IP, regulatory, privacy, and customer-contract review table
topicpublic signalriskdiligence request
Trademarks and patentsJustia lists Snyk-related marks; CB Insights reports 9 filed patents.Ownership, scope, renewals, assignments, and freedom-to-operate remain unverified.Official patent/trademark files, assignment chain, claim charts, FTO review, and acquisition IP schedules.
Privacy and data protectionPrivacy policy publicly available.Cross-border transfer, processor/controller obligations, code telemetry, and sensitive security data.DPAs, subprocessor list, DPIAs, transfer assessments, incident logs, and privacy counsel memo.
Enterprise security commitmentsSecurity and plan pages reference encryption, SOC 2 Type II, GDPR, ISO 27001/27017, FedRAMP options, and data residency.Customer-specific exceptions and audit obligations may exceed public terms.SOC 2 report, ISO certificates, FedRAMP package, security questionnaire exceptions, and customer audit rights.
Terms, indemnities, export controls, and regulated customersPublic terms are available; enterprise MSAs are private.Enterprise liability caps, IP/security indemnities, sanctions/export controls, and regulated-customer requirements.Top customer MSAs, liability caps, indemnities, export-control assessment, sanctions screening, and regulated-customer obligations.

Public compliance language must be reconciled to audit reports and contracts.

Snyk risk heatmap Risk register summarized by severity and likelihood.

Risk ratings are analyst judgments from public evidence.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 CB Insights listed Snyk as a current unicorn with a $7.40B valuation, 2020-01-21 date joined, United States/Boston geography, Enterprise Tech category, and selected investors BOLDstart Ventures, Google Ventures, and Accel. verified high S-001
EC-002 SNYK LIMITED is an active private limited company incorporated in the United Kingdom on 2015-07-09. verified high S-004
EC-003 Secondary public sources describe Snyk as a private computer-security company founded in 2015, headquartered in Boston, with founders Guy Podjarny, Danny Grander, and Assaf Hefetz; the same source reports 2023 revenue of $220M, 2023 net loss of $176M, and 1,400 employees in 2022. partially verified medium S-003
EC-004 Snyk publicly positions itself as an AI security company that helps organizations find and fix security issues across code, dependencies, containers, and cloud infrastructure, with Boston headquarters and global offices. verified high S-005
EC-005 Snyk publicly offers Free, Team, Ignite, and Enterprise plans with features spanning Code, Open Source, IaC, Container, AppRisk, reports, SSO, SBOMs, compliance, and data residency options. verified high S-007
EC-006 Public product pages describe modules for code scanning, open-source dependency and license risk, container security, infrastructure-as-code security, and application risk management. verified high S-008S-009S-010S-011S-012S-013
EC-007 Snyk customer pages cite hundreds of organizations and named customer examples, while the Skyscanner case study says nearly 500 projects were monitored. partially verified medium S-014S-015
EC-008 Snyk exposes a broad ecosystem surface through integrations and partner listings across code hosts, CI/CD, issue tracking, cloud providers, registries, IDEs, and security workflow tools. verified high S-016S-017
EC-009 Snyk faces competition from adjacent developer-security, application-security, cloud-security, secrets-detection, and vulnerability-management vendors; CB Insights names competitors and Snyk comparison pages target GitHub Advanced Security, Veracode, and GitLab. verified medium S-002S-024S-025S-026
EC-010 Snyk states on its careers site that it was founded in London and Tel Aviv in 2015 and has a global team of over 1,000 employees. verified high S-006
EC-011 Snyk current leadership page lists Ken MacAskill as Chief Executive Officer & CFO and describes him as interim CEO; the same page lists Lindsey Bennett, Diana Brunelle, Manoj Nair, Tom Nielsen, and Austin Martin in senior roles. verified high S-018
EC-012 Snyk board page lists Guy Podjarny as Chairman & Founder and lists Mike Scarpelli, Sanjay Poonen, Ken Fox, Ping Li, Philippe Botteri, and Peter McKay as board/advisor figures. verified high S-019
EC-013 Snyk public security, privacy, and plan pages disclose compliance/security posture such as encryption in transit/rest, SOC 2 Type II, GDPR, ISO 27001/27017, FedRAMP plan support, and US/EU/Australia data-residency options. partially verified medium S-007S-020S-021
EC-014 Justia trademark results show SNYK, DEVSECCON, FUGUE, and PROBELY marks associated with Snyk entities; CB Insights says Snyk has filed 9 patents. partially verified medium S-002S-023
EC-015 Public financing data is incomplete; CB Insights profile reports total funding raised of $1.247B and investor names, while the unicorn tracker reports $7.40B latest valuation; detailed cap table, liquidation preferences, debt, secondary sales, and runway are not public. partially verified medium S-001S-002
EC-016 No comprehensive public-source litigation docket review, customer-contract review, employment-agreement review, insurance review, or data-processing agreement review was available in this run; legal exposure remains a diligence gap rather than a cleared item. not publicly verifiable high S-004S-021S-022S-023

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.