Hopper Security is a cybersecurity company focused on managing risks associated with open-source software (OSS) in modern applications. Pulse 2.0 interviewed Hopper Security CEO Roy Gottlieb to gain a deeper understanding of the company.
Roy Gottlieb’s Background

Could you tell me more about your background? Gottlieb said:
“I’ve been writing software since I was 11, back when the internet was wide open and everything that today lives on the ‘dark web’ was just out there on IRC. That early curiosity led me to serve in Unit 81 of the Israeli Defense Forces, where I worked on complex cybersecurity challenges at scale. After that, I spent several years as a venture capitalist, investing in early-stage cyber companies. It gave me a market-wide view of what works, what doesn’t, and what’s missing. Eventually, I realized I didn’t just want to back founders. I wanted to build something myself. That’s what led to Hopper.”
Formation Of The Company
How did the idea for the company come together? Gottlieb shared:
“Hopper was born from years of conversations with friends in security and engineering who were frustrated with managing open-source risk. Teams were drowning in alerts, chasing issues that didn’t matter, and lacking tools that could prioritize what was real. When Executive Order 14028 came out, it pushed the topic into the spotlight and created momentum across the industry. We saw an opportunity to go deeper. We spent months unpacking the root causes, talking to teams, mapping workflows, and studying how other tools operate. The more we learned, the more convinced we became that the current approach doesn’t scale. Hopper is our answer to that.”
Favorite Memory
What has been your favorite memory working for the company so far? Gottlieb reflected:
“One of my favorite moments was right after we launched. We’d spent months working with early design partners, refining the engine and validating the platform. Soon after going public, customers began replacing well-known tools with Hopper in production. That early validation, and seeing the team’s hard work turn into real impact, was incredibly rewarding.”
Core Products
What are the company’s core products and features? Gottlieb explained:
“Hopper is an open-source security platform built to help teams focus on what matters. We reduce noise by over 93% through function-level reachability, hidden dependency detection, and automatic asset discovery. Hopper also maps license risks, flags policy violations, detects malicious packages and maintainers, and identifies AI-related risks in the codebase. As more teams adopt AI-driven development, Hopper helps them understand where AI is used, reduce the cost of AppSec programs, and stay ahead of emerging risks. With agentless, read-only deployment and five-minute onboarding, Hopper delivers fast time to value without disrupting workflows.”
Challenges Faced
Have you faced any challenges in your sector of work recently? Gottlieb acknowledged:
“A key challenge has been educating the market on what’s possible. Many teams have come to accept false positives and alert fatigue as normal. We’ve focused on showing how function-level reachability shifts the approach, replacing noise with accuracy and improving risk reduction. POCs have been essential. When teams see Hopper reduce their backlog by over 90% compared to existing tools, it becomes clear that better outcomes and developer trust are within reach.”
Evolution Of The Company’s Technology
How has the company’s technology evolved since launching? Gottlieb noted:
“Since launch, our reachability engine has grown significantly deeper. We now support complex frameworks like Spring, ASP.NET, and Django, and can detect vulnerabilities in shaded or obscured packages. We’ve added automation that takes teams from detection to fix, with call graphs, root cause tracing, and developer-ready guidance. Beyond vulnerabilities, Hopper now covers license risks, policy violations, and AI-related risks. Much of this has come from working closely with customers to make sure we’re solving the right problems in the right way.”
Significant Milestones
What have been some of the company’s most significant milestones? Gottlieb cited:
“Key milestones include closing our $7.6 million seed round with top cybersecurity investors, deploying into Fortune 500 environments while still in stealth, and replacing legacy AppSec tools that had been in place for years. We’ve completed full procurement reviews with major enterprises and expanded support for complex frameworks. These moments confirmed we weren’t just improving scanning. We were reshaping how companies think about open source risk.”
Customer Success Stories
When asked about customer success stories, Gottlieb highlighted:
“One of our customers had over 10,000 unresolved vulnerabilities when they started. Hopper filtered out the 93% that didn’t matter, and helped them fix the ones that did. We gave their security team a way to align with engineering. And more importantly, developers stopped ignoring alerts, because Hopper’s insights were proven and trustworthy.”
Funding
When asked about the company’s funding details, Gottlieb revealed:
“We raised a $7.6 million seed round, led by industry veterans who deeply understand the AppSec and DevSecOps space. We’re seeing strong traction across enterprise accounts, with Fortune 500 companies already replacing incumbent solutions. We’re not sharing revenue numbers yet, but I can say we’re ahead of plan and growing fast.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Gottlieb assessed:
“Open-source software is everywhere. The total addressable market across software composition analysis, open-source risk management, and supply chain security is well over $10 billion. But we’re not just chasing market size; we’re solving a real pain point that nearly every product and AppSec team feels.”
Differentiation From The Competition
What differentiates the company from its competition? Gottlieb affirmed:
“Most tools take a quantity-first approach: scan everything, alert on everything, and leave teams buried. Hopper takes a quality-first approach. We use function-level analysis and AI exploitability verification to determine whether a vulnerability is actually exploitable. We provide full visibility into shaded, repackaged, and obscured dependencies that other tools often miss. Our deployment is instant, with no agents, no runtime hooks, and no DevOps changes. We also help teams map AI-related risks and identify applications leveraging AI. Hopper turns noise into trust and action.”
Future Company Goals
What are some of the company’s future goals? Gottlieb emphasized:
“Looking ahead, we’re focused on growing our U.S. office, deepening our partnerships with companies that take security seriously, and expanding the platform across more languages, ecosystems, and risk types. We’re also exploring how AI can improve both our product and how teams build and secure software. Our broader vision is to unlock the full potential of open source without adding friction for security or engineering. Hopper should make secure development simple, scalable, and reliable.”
Additional Thoughts
Any other topics you would like to discuss? Gottlieb concluded:
“Security doesn’t need to be noisy to be effective. Hopper is proof that precision, automation, and developer alignment are not just possible. They’re essential. We’re building the platform we wish we had when we were on the other side of the table.”

