Hopper

Cybersecurity Dual-Use Technology Priority Signal Founded 2024

Last updated: Apr 30, 2026

Hopper provides autonomous patching for open-source library vulnerabilities, using AI agents to analyze exploitability, generate non-breaking patches, and verify fixes without requiring version upgrades or architectural changes.

Visit Website

Company Overview

Hopper addresses a critical vulnerability management gap in software supply chains. While open-source library vulnerabilities (Software Composition Analysis findings) are ubiquitous, traditional remediation requires version upgrades, changelog reviews, regression testing, and risk management—creating persistent backlogs in security and engineering teams. Hopper's core innovation is autonomous patch generation: AI-powered agents analyze each vulnerable dependency, determine exploitability conditions, generate patches that fix the vulnerability without breaking changes, build and test candidate versions, and deliver pre-verified secure versions to developers. This keeps vulnerable libraries at their original version, eliminating upgrade risk and maintenance burden.

The market fundamentals are strong. Enterprise software depends on open-source libraries at scale; the average codebase includes hundreds or thousands of dependencies. Public CVE disclosures, CISA advisories, and SBOMs create continuous vulnerability discovery. Current practices—waiting for upstream fixes, upgrading versions with testing overhead, or accepting risk—create intolerable security-engineering trade-offs in regulated and high-assurance environments. Hopper targets enterprise development teams, security platforms, and container/supply-chain tooling vendors who must operationalize open-source risk at scale without paralyzing deployment velocity.

Hopper was founded in 2024 by Roy Gottlieb (CEO) and Oron Gutman (CTO) in Tel Aviv, with backing from Meron Capital and NewEra Capital Partners. The company raised $7.6 million in seed funding (reported February 2025) and operates with approximately 11-50 employees. The team includes experienced security, AI, and infrastructure engineers, with a deliberate focus on building developer-first, operator-centric solutions rather than platform sprawl.

Competitive positioning is nuanced. Traditional Software Composition Analysis tools (Snyk, Dependabot, Renovate) detect vulnerabilities but do not automate remediation at patch granularity. Code-scanning and SAST platforms (Semgrep, Apiiro) focus on custom code risk. Hopper occupies a specialist category: autonomous patching of third-party dependencies. This specificity is a strength—the solution is purpose-built for OSS risk, not a bolted-on feature in a platform dashboard. Network effects could emerge if Hopper patches achieve industry adoption, informing future patch quality and becoming a trusted supply-chain artifact.

Dual-use relevance is substantial. Autonomous patching is critical for commercial software assurance (uptime, supply-chain risk reduction, regulatory compliance) and essential for government/defense software assurance programs where patch velocity and audit trails are non-negotiable. A government acquisition, integration, or approval pathway would materially increase strategic value. Technology dual-use potential exists at the patch-generation and exploitability-verification layers; similar automation could accelerate security research and vulnerability assessment in intelligence and defense contexts.

Dual-Use Assessment

Military & Commercial Applications

Autonomous patching and exploitability verification have direct applicability in both commercial software supply-chain security (reducing vulnerability remediation cost and time) and government/defense software assurance (ensuring rapid, verifiable vulnerability closure with audit trails). The underlying technologies—automated vulnerability analysis, patch synthesis, and verification—have potential dual-use applicability in security research and vulnerability assessment programs.

Strategic Fit Assessment

Research priority signal

Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.

Hopper addresses a material vulnerability management pain point affecting all software organizations. Open-source dependencies are ubiquitous; CVE velocity is accelerating; version upgrade workflows are expensive and risky. Hopper's autonomous patching model offers a novel, operationally attractive solution to a persistent, industry-wide problem. The seed funding, experienced founding team, and strong initial market signals (customer adoption, feature velocity) suggest credible execution. The market is large (software supply-chain security), acquisition risk is moderate (strategic fit for platform security vendors or container companies), and defensibility depends on patch quality, AI model maturity, and network effects.

Strategic Value to U.S.-Israel Alliance

Hopper materially improves enterprise software resilience by automating the most costly, time-consuming phase of vulnerability management: remediation. Unlike detection-focused tools, Hopper eliminates the engineering and risk burden of remediation, reducing both security backlog and operational friction. Strategic value increases significantly if adopted into government or defense procurement pathways, or if acquired by a major security platform (Snyk, Lacework, Datadog, etc.) as a core supply-chain automation capability.

Key Technologies

Autonomous patch generation via AI agents
Exploitability analysis and verification
Non-breaking vulnerability patch synthesis
Supply-chain vulnerability prioritization
Container and dependency reachability analysis
Build and test automation for candidate patches

Use Cases & Applications

Autonomous remediation of open-source CVEs without version upgrades
Reducing security-engineering trade-offs in supply-chain vulnerability management
Accelerating patch deployment in regulated and high-assurance environments
Eliminating manual changelog review and regression testing for dependency updates
Enabling at-scale vulnerability closure across thousands of dependencies
Supporting government and defense software assurance and audit compliance
Integrating into container security and SBOM workflows for continuous patching

Sources and verification

This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.

Public sources

The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.

Official website Primary public reference for company identity, positioning, and current web presence.
Profile update timestamp Last updated in the Claw & Talon database on Apr 30, 2026.

Investor Lens

What this entry is

Private startup

Why it may matter

Hopper may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.

How an independent investor should read this

Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.

Evidence to verify

Verify current status
Verify traction
Verify cap table/funding
Verify technical claims
Verify regulatory/export-control issues
Verify customer concentration

Main investor questions

Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
What customer, revenue, product, and technical evidence supports the company story?
What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
What evidence would change the thesis or show that the profile is stale?

What not to infer

Inclusion does not imply endorsement.
Inclusion does not imply allocation availability or current fundraising.
Scores do not indicate investment suitability or expected returns.
Strategic importance does not automatically imply venture return potential.

Related checklist: Cybersecurity company diligence Related sector page: Cybersecurity sector page Related Dependency Atlas theme: Sovereign cloud and software resilience

Diligence questions

What evidence verifies Hopper's current customer traction, deployment status, and revenue concentration?
Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?

Related sector

See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.

Related companies

Research relevance score

80/100

Scores are editorial research signals for comparison and prioritization. They are not investment ratings, recommendations, suitability assessments, allocation availability signals, or return predictions, and may be based on incomplete public information.

Last Updated

Apr 30, 2026

Need a diligence readout?

Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.

Contact Claw & Talon Read database guide