Snyk Unveils Evo: Pioneering AI Security Orchestration for the Agentic Era

AI security redefines software innovation - SiliconANGLE

AI security is becoming the next big battleground for innovation Code is no longer just written -- it's evolving. As artificial intelligence takes a central role in building, testing and deploying modern software, AI security is quickly becoming the foundation for digital trust. The more machines help create the systems that power our world, the more vital it becomes to secure them from the inside out. This new reality is forcing organizations to rethink how software is designed and defended. Intelligent coding assistants and agentic systems are accelerating development, but they're also introducing unseen risks that traditional safeguards can't keep up with. To keep innovation moving without compromise, enterprises are now racing to weave security directly into the creative process -- ensuring that what AI builds, it can also protect, according to Peter McKay (pictured, left), chief executive officer of Snyk Ltd. "We've always been very focused on trying to help the developer community learn more about developing more secure code," McKay said. "When we started to see all these different AI events happening all over the world, when we went to look for where the AI security events were, there weren't any. Everybody is trying to move faster and faster around AI, but nobody's thinking about the security aspect of it and there's no forum for people to go to actually learn about it." McKay and Manoj Nair (right), chief innovation officer of Snyk, spoke with theCUBE's Jackie McGuire at The AI Security Summit, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed how AI security is becoming essential to innovation, with Snyk leading efforts to embed protection, education and collaboration into AI development. (* Disclosure below.) Snyk's leadership believes that the industry can't afford to separate innovation from protection. The company's strategy is centered on blending the speed of AI-driven development with the discipline of embedded security -- a vision shared by the broader community attending the AI Security Summit, McKay noted. "Our mission was always around develop fast, but stay secure at the same time," he said. "It's very much around leverage the benefits you get from AI and the productivity and the enhancements and the autonomous, the agentic tech, all the things you get, but leverage a Snyk to help embed that into the process so you can go fast without having the risk associated with it." That balance between speed and safety is also reshaping the education and diversity landscape. Creating new learning tracks and inclusive spaces -- from Women in Cyber and AI sessions to hands-on certifications -- helps the next generation of developers and leaders build secure AI systems from the ground up, according to Nair. "We wanted to bring in various perspectives for the leaders in the group," he said. "We're trying to make it educational but also invest in growing the entire community to think about how security can be foundational for this wave." Snyk's new AI Trust Platform aims to unify this fragmented space, extending lessons learned from a decade of DevSecOps into the world of AISecOps. The company's approach emphasizes partnership, agility and co-creation -- aligning with customers as they navigate evolving attack surfaces and constant technological change, McKay explained. "Nobody has all the answers," he said. "The power is in the partnerships that we have together with our customers and the ecosystem. The more we lean in and collaborate ... I think is the way we go and solve this problem faster than if we try to do it on our own." Here's the complete video interview, part of SiliconANGLE's and theCUBE's coverage of The AI Security Summit:

Snyk unveils Evo, an agentic system to govern and protect AI-native development - SiliconANGLE

Snyk unveils Evo, an agentic system to govern and protect AI-native development Cybersecurity company Snyk Ltd. today announced the launch of Evo by Snyk, an agentic security orchestration system designed to secure artificial intelligence-native applications and tools, including generative and agentic AI. Snyk is pitching the new Evo offering as ushering in what it calls the "era of the empowered AI Security Engineer." The AI can act as both guide and autonomous teammate for deploying intelligent orchestration, automation and proactive governance that is required for the security complexities of the agentic enterprise. Evo by Snyk integrates with and builds upon the Snyk AI Security Platform, providing enterprises with a unified, agentic experience to discover, test, govern and protect AI systems across the entire software development lifecycle. "Security can't just keep pace -- it must lead the charge," said Chief Executive Peter McKay. "With Evo, we're not just securing code -- we're architecting the trust that will unlock the full potential of tomorrow's agentic systems for the modern enterprise." Evo offers agentic AI security that can orchestrate multiple agents, automate workflows and enforce proactive governance across the AI development lifecycle. Using Evo, teams can discover AI components, analyze contextual risk, prioritize actions and create policies to govern AI adoption at scale. Key features of the new offering include Intelligent Agent Orchestration and Autonomous Task Agents. With the Intelligent Agent Orchestration feature, a Workflow Agent acts as an intelligent coordinator that combines multiple specialized Task Agents into automated workflows from a single natural language prompt. The Workflow Agent transcends all agent usage in an enterprise, orchestrating both Snyk and non-Snyk agents alike. Autonomous Task Agents offer a range of specialized Snyk agents to secure every stage of the AI lifecycle. The agents include a Discovery Agent that automatically maps all AI models, application programming interface and dependencies to provide a complete view of AI usage. There's also a Threat Modeling Agent that automatically builds live AI threat models from code and flags risks like prompt injection with clear remediation paths. In addition, a Red Teaming Agent runs autonomous adversarial testing of models, agents and applications via the industry's leading engine for large language model-native application scanning. And finally, an MCP Scan Agent that provides full visibility into all Model Context Protocol servers in developer environments, leveraging Snyk's MCP research to monitor usage and enforce real-time guardrails. Other agents offered include an AI Risk Registry Agent that continuously evaluates and scores AI component risk, analyzing security, compliance and data controls to ensure only trusted models and MCP servers are deployed. A Policy Agent defines and enforces executable AI security guardrails for model use, data access and compliance. And a Fix Agent automatically resolves AI security issues through direct remediation or by initiating pull requests. Additional features of Evo by Snyk include Natural Language Policy Creation, with a Policy Agent that allows teams to proactively create and enforce security policies using natural language. It governs the use of AI in development and runtime applications and Comprehensive Reporting via a Reporting Agent that generates customizable insights across all agents, enabling faster and more flexible AI security risk reporting. Evo by Snyk is available in preview today for customers, with broader availability expected in early 2026.

5 Things To Know On Snyk's New Agentic Security System

The code and AI security vendor is debuting Evo, which provides orchestration of AI agents that can ultimately help secure agentic applications. Snyk unveiled Wednesday what it's calling the industry's "first" agentic security orchestration system -- aimed at providing crucial tools that can keep up with the fast-moving security needs of AI-native applications, according to the company. The new system, Evo, provides orchestration of AI agents that can ultimately help secure agentic applications, said Manoj Nair, chief innovation officer at Snyk, in an interview with CRN. [Related: Mistaken Identity? AI Agent Oversight Key To Success] Already at this stage, "agentic orchestration is there in other domains. It's there in customer experience. It's there in marketing. The dev tools are there," Nair said. "We're seeing that for security, something like this had to be born." Ultimately, Snyk is "building a team of expert agents that are very specialized in solving various parts of this problem, which work together in the system," he said. The announcement came in connection with the inaugural AI Security Summit, which is being held Wednesday and Thursday in San Francisco. The event's founding sponsors are Snyk and AI.Engineer. What follows are five things to know about Snyk's new Evo agentic security system. The massive push to rapidly develop AI and agentic applications has too often led to security needs being sidelined, as is often the case with new technologies, Snyk CEO Peter McKay told CRN. However, while this attitude of "'we'll worry about security later'" may make sense for an organizations development team, its security team is still accountable, McKay said. "It all will ultimately fall back on the security teams that are sitting there with tools that aren't built for the AI era," he said. "That presents a big challenge." At the same time, the development of AI-native applications is likely to only accelerate with the rise of "AI engineers," Nair said. "These are the people who claim they are becoming 10X engineers," he said. "And so we're building something for the 10X security person to be able to keep up with these 10X engineers." Evo consists of an "intelligent" agent orchestration system -- essentially a workflow agent -- whose purpose is to coordinate the activities of specialized agents related to securing the creation of AI-native applications, according to Snyk. This approach is crucial because while many security vendors are already offering agents at this point, "no one's really thought about how to orchestrate [those agents]," Nair said. Snyk, on the other hand, has developed an agentic orchestrator that is entirely focused on the security domain -- and crucially, it can coordinate agents from third-party vendors as well as from Snyk, he said. "Our power here is not that we built a bunch of agents," Nair said. "It's the fact that we have an agentic security-specific orchestrator that today is orchestrating our agents, but is [also] open enough that it can orchestrate anything else out there." Overall, "the beauty of this is they kind of feed off each other to achieve a much bigger goal than any one of them would individually," he said. Still, Snyk does believe it has taken a differentiated approach with developing some of the individual, specialized agents it is now unveiling, according to Nair. The autonomous "task agents" being launched by Snyk include agents for discovery, threat modeling, red teaming, MCP scanning and AI risk registry, the company said. Additionally, Snyk is debuting a "fix agent" to automatically remediate discovered security issues and a policy agent that can assist with proactive creation of security policies as well as policy enforcement, according to the vendor. The new Threat Modeling Agent stands out from existing approaches by offering the ability to automate the generation of live AI threat models, Snyk said. "That's very unique, [because] even in the AI security startup community, no one's really thought about secure-by-design and how to really automate the creation of a design," Nair said. "We're able to bring that design out, and we're able to figure out what threats are important for this kind of app." As a result, "you're able to think about remediation, versus spending weeks trying to figure out what the threat model is -- and by the time you figure it out, it's obsolete," he said. "So that's a very powerful innovation." Other key differentiators for the new agents include offering comprehensive visibility across MCP (Model Context Protocol) servers in developer environments through the new MCP Scan Agent, Snyk said. The goal with that agent is to "make sure your AI tools itself are not an attack point," Nair said. "The tool chain itself is a point of attack because MCP is so prevalent and it's got all these security issues." Snyk has been working with partners around the new Evo system including system integrator partners that have "validated" much of what the vendor has put together for the offering, Nair said. For instance, many system integrators are in demand for providing AI threat modeling, which could be massively assisted by Evo and the new Threat Modeling Agent, he said. "They waste a lot of their time just trying to organizationally navigate how to pull this together," Nair said. "So for them, this becomes a much more powerful tool." On the whole, "I think it elevates what they can offer from being tactical to strategic," he said. "Because [Snyk] just building this tool doesn't mean a customer is going to be able to be successful on its own. So it's the partners who are now able to [enable that]."