Pixee pricing

About

Pixee is an agentic security engineering platform that sits on top of a team’s existing scanners (Snyk, Checkmarx, SonarQube, Semgrep, CodeQL, Veracode, GitLab Ultimate, Dependabot, and others) and automates two jobs developers hate: triaging the flood of scanner findings and writing the fixes. Its agents ingest SAST and SCA findings, run codebase-aware exploitability and reachability analysis to discard unreachable noise, then generate context-aware pull requests that match the team’s code conventions. The pitch is “Your Scanners Find It. Our Agents Fix It.” — no rip-and-replace, working with the tools a team already owns.

The company markets four agentic systems sharing one “Context Graph”: Triage & Fix and Beacon (a per-PR security reviewer) are Live; Foresight (design/PRD review) and Vantage (blast-radius mapping for the next Log4Shell) are Early Access. Headline outcomes it advertises include 95% false-positive reduction, a 76% developer merge rate on its generated PRs, 100K+ pull requests validated, and clearing 100,000+ vulnerability backlogs in roughly 90 days. Logos shown on its site include NTT Data, Nippon Steel, HCLTech, Oracle, and Olympus.

Pixee Inc. is a private company; it does not disclose ARR, valuation, or headcount on its pricing surfaces. Its distinctive market position is the pricing model itself: where most application-security tools bill per seat or per scanned repo, Pixee bills for resolved vulnerabilities — an outcome-based motion it frames as “Incentives Aligned: traditional tools profit when your backlog grows; we only profit when it shrinks.”

Pricing summary : outcome-based “pay per vulnerability resolved”, quoted not published

Pixee uses an outcome-based (pay-per-resolution) model with no public dollar figures. Pricing is built around two ideas:

1. The billing unit is a resolved vulnerability, not a seat. Pixee charges for “vulnerabilities triaged and remediated in your codebase” — measurable security outcomes rather than developer count or repo count. The quote is “calculated based off annual scanner findings (SAST + SCA),” so the price scales with a team’s backlog volume, and adding developers does not change it (“Unlimited developers” is listed as included).
2. Everything is custom-quoted. No price appears on any captured surface. The pricing page and demo page both funnel to “Get Custom Quote” / “Schedule Your Demo.” Feature depth is tiered across Core Platform → Advanced → Custom (Enterprise), with a separate MSSP/partner motion for resellers, but each tier’s price is gated behind a sales conversation.

To support that motion, the pricing page embeds an interactive ROI calculator (“Customize Assumptions”) that estimates first-year ROI, payback period, and net benefit from a team’s scanner-finding volume — the example shown defaults to figures like 367% first-year ROI, a 2.6-month payback, and ~$220K net benefit, split across developer-productivity and security-triage savings. These are illustrative calculator outputs, not Pixee’s prices.

What makes this different: Pixee inverts the standard AppSec incentive — instead of charging more as a backlog grows (per-seat or per-scan), it ties revenue to backlog shrinkage, billing only when vulnerabilities are actually resolved.

Pricing by product

Pixee publishes no prices. The pricing page presents a single feature-comparison matrix whose columns escalate across Core Platform → Advanced → Custom (Enterprise), every cell quoted via “Get Custom Quote.” The tiers below reflect which capabilities the page marks at each level; the Price column is Custom throughout because no dollar figure is shown on any captured surface.

Pixee platform (capability tiers)

Partner / MSSP

Sales motions across products: there is no self-serve or PLG tier — every plan, including the entry Core Platform, is sales-led and quoted via “Get Custom Quote” / “Schedule Your Demo.”

The ROI calculator (in lieu of a price list)

Because no list price is shown, the pricing page leads with an interactive ROI calculator (“Customize Assumptions”) rather than a price table. It takes a team’s annual scanner-finding volume and returns illustrative outputs: a first-year ROI percentage, a payback period in months, and a net-benefit dollar figure, decomposed into Developer Productivity (hours returned, FTE-equivalent, dev-workload reduction) and Security Triage Efficiency (triage hours automated, false-positive handling, triage-automation coverage). The default example renders roughly 367% ROI, a 2.6-month payback, and ~$220K year-one net benefit — these are calculator outputs from default assumptions, not Pixee’s prices. The page also flags breach-avoidance (“avoiding a breach… average cost of a data breach hit $4.88M in 2024”) as value deliberately excluded from the calculation.

Hidden costs : why an outcome quote can still surprise you

Pixee publishes no list price, so there is no honest bill-construction table to build here — any dollar figure would be invented. What matters instead is understanding where an outcome-based, quote-only contract hides cost from a buyer who cannot model it in advance. There are three real ones.

1. The quote scales with your backlog, and your backlog is large. Pixee’s quote is “calculated based off annual scanner findings (SAST + SCA).” A team that turns on Snyk, Semgrep, and Dependabot across a big monorepo can surface tens of thousands of findings — Pixee itself advertises clearing “100,000+ vulnerability backlogs.” Because price is tied to that volume, the orgs that need Pixee most (the ones drowning in findings) are also the ones facing the largest quotes. The ROI calculator reframes that as savings, but the contract number it produces is not shown until you talk to sales.

2. “Resolution” is the meter, and its definition is yours to negotiate. The pricing FAQ answers “What is a ‘resolution’?” rather than printing a per-resolution rate. Whether a resolution counts at PR-open, at merge, or only when a finding is verified closed materially changes the bill — and with a 76% advertised merge rate, the gap between “fixes generated” and “fixes merged” is real money. Buyers should pin this definition in the contract.

3. Enterprise add-ons sit above the resolution line. Air-gapped / self-hosted deployment, custom security policies, compliance audit trails, SSO/SAML, a dedicated Slack channel and CSM, and an enterprise SLA are all Custom-tier features. None carry a published price, so the “outcome” headline understates the all-in cost for a regulated buyer who needs on-prem and compliance tooling on top of the per-resolution charge.

Because there is no public rate card, modelling a Pixee bill in advance is not possible without a sales conversation. The closest public artefact is Pixee’s own ROI calculator, which estimates savings (developer-productivity hours plus security-triage efficiency) rather than spend — useful for building an internal business case, but not a substitute for a quote.

Want to estimate an outcome-based bill once you have a quote? Pixee has no per-resolution rate to model yet, so there is no dedicated Pixee pricing calculator — start from our pricing calculator hub and our guide on usage-based pricing fundamentals to build the model yourself.

Pricing evolution : from a public price list to a quote-only outcome model

Pixee’s pricing has undergone a rare full inversion: it started with a transparent, self-serve, per-contributor price list and a genuine free tier, then deleted all of it and moved to a sales-led, outcome-based “pay per resolution” model. Wayback snapshots of pixee.ai/pricing document the arc.

Cadence

Tracked range: 2024-02–2026-06 (Wayback snapshots of pixee.ai/pricing). Quarters not listed above were verified stable (0 price changes, 0 SKU additions).

Notable changes

• 2024-02 — Public contributor-based pricing live: Free ($0, unlimited PRs on public repos, 10/mo on private), Pro ($39/mo promo-cut to $5), Enterprise quote-only; purchasable via GitHub Marketplace (Wayback pixee.ai/pricing, 2024-02).
• 2025-02 — Pro list price moved to $49/mo per GitHub Contributor; Auto-Triage (Basic/Advanced) added as a differentiating feature (Wayback pixee.ai/pricing, 2025-02).
• 2025-05-22 — Pixee raised a $15M seed co-led by Decibel and Wing VC, intended to “accelerate product development and scale its go-to-market team” — the funding that preceded the enterprise-pricing pivot (BusinessWire announcement).
• 2025-10 — Free tier removed; page reduced to Pro ($29/mo) + Enterprise; GitHub Marketplace self-serve purchase removed in favor of “speaking with us” (Wayback pixee.ai/pricing, 2025-10).
• 2026-02 — Full pivot to outcome-based “Pay for Problems Solved” pricing: no public dollar figures, an interactive ROI calculator replaces the price table, and feature depth tiers across Core / Advanced / Custom (Wayback pixee.ai/pricing, 2026-02).

The price-list deletion in detail

The shift from a public price list to a quote-only page is the single most consequential change. Within roughly twelve months Pixee went from a developer-friendly, self-serve, GitHub-Marketplace product with a $0 free tier and a sub-$50 Pro plan to an enterprise sales motion where the cheapest path to a number is a demo. The intermediate 2025-10 snapshot caught the transition mid-flight — a free-tier removal and a Pro price cut (from $49 to $29) while self-serve install was swapped for “Schedule a demo.” That combination (lower nominal price, higher friction, no free entry) is the fingerprint of a company repositioning away from individual developers and toward enterprise contracts, which the $15M seed and the “scale go-to-market” language corroborate.

What’s unique : charging per vulnerability fixed, not per seat

1. The billing unit is a resolved vulnerability, not a seat or a scan. Almost every AppSec tool meters on seats, repos, or scans — capacity you buy whether or not it produces an outcome. Pixee bills for “vulnerabilities triaged and remediated,” an outcome-based model where the meter is a security result. It explicitly lists “Unlimited developers” as included, severing price from headcount. This is the editorial hook: it is one of the few vendors in the corpus to charge per problem solved rather than per user provisioned — a textbook resolution of the value-metric problem in AI pricing.

2. The incentive is inverted on purpose. Pixee’s pricing page leads with “Traditional tools profit when your backlog grows. We only profit when it shrinks.” Per-seat and per-scan vendors make more money as a backlog balloons; Pixee ties revenue to backlog shrinkage. That alignment is the marketing centerpiece — but it also creates a genuine structural difference: the vendor’s revenue and the buyer’s risk-reduction move in the same direction, which is unusual in security tooling.

3. An ROI calculator stands in for a price list. Because there is no list price, the pricing page is built around an interactive “Customize Assumptions” calculator that converts a team’s annual scanner-finding volume into a first-year ROI percentage, a payback period, and a net-benefit dollar figure split across developer-productivity and security-triage savings. It is a value-selling artefact, not a rate card — the buyer leaves with a business case rather than a number.

4. A free open-source funnel feeds the paid platform. Pixee’s Codemodder framework (codemodder-java and codemodder-python) ships free under AGPL-3.0 on GitHub, and the historical Pixeebot offered unlimited fixes on public repos at $0. The open-source layer builds developer trust and adoption that the sales-led enterprise platform then monetizes — a classic open-core funnel grafted onto an outcome-priced commercial top.

5. It rides on tools you already own. Pixee does not replace Snyk, Checkmarx, Semgrep, CodeQL, or Dependabot — it sits on top of them, ingesting their SAST/SCA findings and generating fixes. That “no rip-and-replace” posture removes the switching cost that usually gates AppSec purchases and lets the outcome meter run against scanners the buyer has already paid for.

Strengths & weaknesses

Billing UX : ROI calculator + quote-only, no self-serve checkout

• Outcome-based ROI calculator (“Customize Assumptions”) — the centerpiece of the pricing page; takes annual scanner-finding volume and returns first-year ROI, payback period, and net-benefit estimates split across developer-productivity and security-triage savings. Stands in for a price table.
• “Get Custom Quote” CTA — the only path to a number; there is no self-serve plan picker, no checkout, and no displayed list price on the pricing page.
• “Schedule Your Demo” / “Get a Demo” CTA — the enterprise/demo page is a single email-capture form (“Schedule a demo → Let’s Talk”); all access is gated behind a sales conversation.
• Feature-comparison matrix (Core / Advanced / Custom) — communicates what each tier includes (integrations, support level, air-gapped deployment, SSO/SAML, audit logs) without attaching any price to the rows.
• Self-serve FAQ on contract mechanics — the pricing page answers operational questions in lieu of prices: “Do you support custom contracts?”, “Can we deploy Pixee on-premise?”, “What happens if we have a massive backlog?”, “Does pricing change if we add more developers?”, and “What is a ‘resolution’?”.

Strategic wins : what Pixee got right

1. Picking a value metric the buyer already believes in

Security teams already measure themselves on backlog burn-down and mean-time-to-remediate. By billing on resolved vulnerabilities, Pixee adopted a value metric that maps directly onto a KPI the buyer is already accountable for — making the spend easy to justify internally. That alignment between the meter and the buyer’s own success metric is the core lesson of good usage-based pricing metric selection, and Pixee chose unusually well for a security tool.

2. Inverting the AppSec incentive — and saying so loudly

Most security vendors quietly profit from an unbounded backlog. Pixee made the opposite its headline (“we only profit when it shrinks”), turning a pricing-model choice into a trust narrative. This is the same move outcome-pricing pioneers use to disarm the “vendor wants me to fail” objection, a pattern we unpack in outcome-based pricing for AI products. The story does competitive work the price tag alone cannot.

3. Building an open-source funnel before monetizing

Codemodder and Pixeebot earned developer trust and Show HN traction (the 37-point Codemodder thread, GitHub stars across codemodder-java/python) while the company was still free. That bottom-up credibility de-risks the top-down enterprise sale — security buyers trust tools their engineers already use. The open-core funnel is a durable advantage the quote-only enterprise page inherits.

4. Timing the pivot to the funding and the market

The shift to outcome pricing followed a $15M seed and the GenAI-codegen surge that is flooding teams with new vulnerabilities. By repositioning from a sub-$50 developer tool to an enterprise outcome platform exactly as the backlog problem worsened, Pixee aligned its packaging with where the budget — and the urgency — now sits.

Areas to improve : where the model leaves money and trust on the table

1. Define “resolution” publicly before the sales call

Pixee’s own FAQ poses “What is a ‘resolution’?” but answers it with prose, not a billing definition. A buyer cannot tell whether a resolution is counted at PR-open, at merge, or at verified-close — and with a 76% merge rate, that ambiguity is the difference between a forecastable and an unforecastable bill. Fix: publish a one-line, contractual definition of the billing event (e.g., “a resolution = a finding closed by a merged Pixee PR”) so buyers can model spend before engaging sales.

2. Publish at least a starting price or a per-resolution band

Deleting every dollar figure maximizes negotiating leverage but minimizes top-of-funnel trust — developers and security engineers self-disqualify when they cannot tell if a tool is in their budget range. Fix: restore a published anchor — a “starting at” figure or an indicative per-resolution band — the way many sales-led peers in the pricing blueprint do, keeping custom quotes for volume while giving buyers a reference point.

3. Reinstate a self-serve or free entry to feed the funnel

Removing the $0 tier and GitHub Marketplace install severed the bottom-up motion that built Pixee’s developer trust in the first place. The open-source Codemodder framework still exists, but there is no longer a frictionless path from “I tried the free bot” to “my company bought the platform.” Fix: keep a free, public-repo or low-volume tier as a deliberate land-and-expand funnel rather than treating self-serve as a phase the company has graduated past.

4. Make the ROI calculator show spend, not just savings

The calculator estimates developer-productivity and triage savings but never surfaces an estimated price, so the buyer leaves with half the equation. Fix: add an indicative cost line to the calculator (even a wide band) so the ROI figure is grounded in a real spend estimate — a stronger business case than savings alone, and a far better experience than a black-box quote.

Key takeaways

1. Charge for the outcome your buyer is already measured on. Pixee meters on resolved vulnerabilities — the exact KPI a security team reports upward — which makes the spend self-justifying. A value metric that mirrors the buyer’s own success metric is easier to sell and harder to churn out of.
2. An inverted incentive is a pricing feature, not just a slogan. Tying revenue to backlog shrinkage rather than backlog growth turns the pricing model itself into a trust argument. The narrative (“we only profit when it shrinks”) does competitive work the price tag cannot.
3. Open source can be the funnel for an outcome-priced enterprise top. Free AGPL-3.0 tooling built developer credibility that the sales-led platform now monetizes. Open-core and outcome-pricing are compatible, and the OSS layer de-risks the enterprise sale.
4. Going quote-only is a deliberate trade, not a default. Pixee gained negotiating leverage and enterprise positioning by deleting its price list, but lost top-of-funnel trust and self-serve adoption. The choice is defensible — but only if the buyer urgency is high enough to absorb the friction.
5. Watch the intermediate snapshot, not just the endpoints. Pixee’s 2025-10 page — free tier gone, Pro price cut, self-serve swapped for “book a demo” — is the clearest single tell of a company repositioning from developer tool to enterprise platform. Pricing archaeology reveals strategy that press releases hide.

UBP implications

1. Outcome-based pricing is migrating from support into security. Resolution-based billing was pioneered in customer support (Intercom Fin charges per resolved conversation); Pixee applies the same outcome logic to vulnerability remediation. The pattern generalizes wherever an AI agent can be held accountable for a discrete, measurable result.
2. The hard part of outcome pricing is defining the outcome, not setting the rate. Pixee’s unanswered “what is a resolution?” question is the central design problem of every outcome model: the billing event must be unambiguous, verifiable, and resistant to gaming. Vendors that nail the definition win the buyer’s trust; vendors that leave it vague invite disputes.
3. Outcome pricing and price opacity are separable choices. Pixee bundled an excellent value metric with total price opacity, but they need not travel together. A vendor can publish a transparent per-outcome rate and still bill on outcomes — and doing so would capture the model’s trust upside without the unpredictable-cost budgeting friction Pixee imposes.

Sources

• Pixee pricing page (accessed 2026-06-08)
• Pixee get-a-demo / quote page (accessed 2026-06-08)
• Pixee documentation (accessed 2026-06-08)
• Pixee blog (accessed 2026-06-08)
• Pixee about page (accessed 2026-06-08)

Bottom line

Pixee is one of the cleanest examples in the corpus of an outcome-based value metric — you pay for vulnerabilities resolved, not developer seats — wrapped in total price opacity. The model is genuinely well-chosen: it bills on the exact KPI a security team is measured on and inverts the perverse “vendor profits from your backlog” incentive. But the company traded away the transparency and self-serve free tier that built its developer trust, leaving buyers unable to budget without a sales call. The pricing is excellent; the price discovery is a black box.

Want to compare Pixee against other outcome-based and security pricing? Browse the pricing blueprint.

Pricing timeline : Major events on a vertical axis

Each milestone below corresponds to a public pricing change, product launch, or material adjustment. Major events use a filled marker; minor adjustments use a faded one.

Pivot to outcome-based, quote-only pricing

Feb 2026

Pixee replaced contributor pricing with an outcome-based 'Pay for Problems Solved' model: priced off annual scanner findings, no public dollar figures, Core/Advanced/Custom feature tiers, and an interactive ROI calculator in lieu of a price list.

Free tier removed; Pro cut to $29/mo; self-serve phased out

Oct 2025

Page collapsed to two tiers — Pro ($29/mo per Contributor) and Enterprise. Free tier gone; 'Install now' replaced by 'Schedule a demo'; GitHub Marketplace purchase removed ('purchase Pixee by speaking with us').

Pro raised to $49/mo, Auto-Triage added

Feb 2025

Free tier retained; Pro list price moved to $49/mo per GitHub Contributor with Auto-Triage; Enterprise still quote-only. 'Schedule demo' CTA added alongside self-serve.

Contributor-based, public self-serve pricing

Feb 2024

Pixee published a three-tier contributor-based price list: Free ($0 — unlimited PRs on public repos, 10/mo on private), Pro ($39/mo, promo-discounted to $5), and Enterprise ('Let's talk'). Purchasable via GitHub Marketplace.