Snyk Acquires Invariant Labs to Bolster AI Security Capabilities

Snyk acquires Invariant Labs to expand AI agent security capabilities - SiliconANGLE

Cybersecurity company Snyk Ltd. today announced that it has acquired Invariant Labs AG, a Swiss artificial intelligence security research firm, for an undisclosed price. Spun off as a separate company from ETH Zurich university in 2024, Invariant Labs builds tools and frameworks to help developers construct secure, robust and reliable AI agents. The company is also an early pioneer in developing safeguards against emerging AI threats such as tool poisoning and Model Context Protocol vulnerabilities with contextualized AI security. Invariant Labs offers a suite of tools that are designed to help developers observe, audit and secure AI agents and applications. The company's main offering, called Explorer, offers a runtime observability dashboard that lets teams inspect the behavior of large language models and agentic systems in real time, capturing tool usage, decisions and context. Another tool, called Gateway, complements Explorer with a lightweight proxy that routes application programming interface traffic and enforces security policies without requiring code changes, enabling rapid deployment and monitoring. The company also offers Guardrails, a policy engine that allows developers to define and enforce contextual rules around AI behavior, such as restricting data flow, limiting tool access, or flagging anomalous decisions. Another key product, MCP-Scan, targets MCP vulnerabilities by detecting threats such as tool poisoning and "MCP rug pulls," which can compromise AI agents during tool calling or prompt chaining. "We've spent years researching and building the frameworks necessary to secure the AI-native future," said said Invariant co-founder and Chief Executive Marc Fisher. "We understand agent systems as a new type of software that requires novel and innovative approaches to provide strong security guarantees." This acquisition will advance Snyk's mission to secure the next generation of AI-native and agentic applications, including large language model integrations and autonomous agents powering modern software development. Though not solely a talent acquisition, Snyk will also benefit from Invariant Labs' team of researchers who, the company says, have a proven track record of industry-first intelligence on agentic attack vectors, MCP tooling and real-time detection techniques that Snyk says are now shaping security standards across the industry. "With Invariant Labs, we're accelerating our ability to identify, pressure test and neutralize the next generation of AI threats before they reach production," said Snyk Chief Innovation Officer Manoj Nair. "This investment deepens our leadership in AI security innovation, rooted in original research, technical rigor and developer trust." Nair spoke with Dave Vellante, co-host of theCUBE and chief analyst at theCUBE Research, last year about how cloud computing has affected security:

Snyk Strengthens Its Hand Against Emerging AI Threats With Acquisition

Snyk is buying Invariant Labs, a leading AI security research firm, to expand the capabilities of its AI Trust Platform and extend its AI security research efforts. Developer security platform provider Snyk has acquired AI security research firm Invariant Labs in a move to bolster the company's recently launched AI Trust Platform, the company said Tuesday. Snyk is also leveraging the acquisition to establish Snyk Labs, the company's new research arm focused on advancing the AI security services delivered through the AI Trust Platform, according to the company. Invariant Labs is the latest in a line of Snyk acquisitions that includes Probely, a Portugal-based developer of Dynamic Application Security Test (DAST) technology for security testing of APIs that Snyk bought in November 2024, and Helios, whose technology captures security relevant data from live applications, that Snyk acquired in January 2024. [Related: The 2025 Security 100] Earlier Snyk acquisitions included DeepCode, Reviewpad and Enso Security. Terms of the acquisition of Invariant Labs, headquartered in Zurich, Switzerland, were not disclosed. Boston-based Snyk provides a developer security platform that's designed to help businesses and organizations identify and fix vulnerabilities in their software code, open-source dependencies, containers and infrastructure as code, enabling developers to secure applications throughout the entire software development lifecycle. On May 28 Snyk debuted the AI Trust Platform, an AI-native agentic platform specifically built to secure and govern software development in the AI era, according to Snyk. The goals of the new platform, according to the company, are to reduce the security risks associated with AI-generated code and help organizations better defend themselves against AI-driven cyberattacks. The acquisition of Invariant Labs furthers those efforts, according to Snyk. "This acquisition is an important integration into Snyk's recently launched AI Trust Platform that adds the ability to secure applications from emergent threats," said Snyk CEO Peter McKay in the announcement of the acquisition deal. "Snyk can now offer customers a single platform to address both current application and agentic AI vulnerabilities." The acquisition also provides "a major advancement" for Snyk Labs, the company's new research arm focused on advancing AI security through the AI Trust Platform. Snyk said the acquisition "brings a talented team of preeminent researchers" with a track record of providing "industry-first intelligence" on agentic attack vectors, MCP vulnerabilities, tool poisoning and runtime detection techniques. "We've spent years researching and building the frameworks necessary to secure the AI-native future," said Invariant Labs CEO and co-founder Marc Fischer, in a statement. "We must understand that agent-based AI systems are a powerful new class of software, especially autonomous ones, and demand greater oversight and stronger security guarantees than traditional approaches." The addition of Invariant Labs boosts Snyk's ability to help customers secure AI-native and agentic applications, including large language models and autonomous agents. Snyk can now support security teams as they deal with "urgent and unfamiliar risks" in AI-native software, according to the acquisition announcement. Snyk said Invariant Labs has been on the forefront of research around new security issues such as unauthorized data exfiltration to AI agents executing unintended actions and threats such as MCP vulnerabilities. The company has even discovered and named new attack terminology including "tool poisoning" and "MCP rug pulls," according to Snyk. Invariant Labs, for example, has developed Guardrails, what Snyk describes as "a transparent security layer at the large language model and agent level that developers use to augment existing AI systems with security safeguards. With the company's technology developers can inspect and observe agent behavior, enforce contextual security rules for agent systems, and scan MCP servers for vulnerabilities. "With Invariant Labs, we're accelerating our ability to identify, prioritize and neutralize the next generation of agentic AI threats before they reach production," said Mano Nair, Snyk chief innovation officer, in a statement. "This acquisition also underscores Snyk's proactive commitment to supporting security teams navigating the urgent and unfamiliar risks of AI-native software, which is rapidly becoming the new software development default."