Snyk Launches Agent Security Suite and Brings Evo AI-SPM to General Availability to Govern Autonomous Coding Agents

New updates have been reported about Snyk.

Snyk is expanding its AI security platform with the launch of its Agent Security solution and the general availability of Evo AI-SPM, positioning itself as an enforcement layer for enterprises deploying autonomous coding agents such as Claude Code, Cursor, and Devin. The company is targeting a fast-emerging governance gap, arguing that as these agents write and ship code at machine speed, traditional code review and cloud security tools fail to control what agents build, which tools they invoke, and how they act in production environments.

Evo AI-SPM, developed inside Snyk’s AI innovation arm, underpins the Agent Security offering by extending the firm’s AI Security Fabric to govern agents from initial introduction into software through live production behavior. Early access deployments, spanning more than 500 Evo scans, revealed untracked agentic AI components in environments that already had cloud security and CNAPP controls in place, illustrating that existing platforms show where AI runs after deployment, while Snyk focuses on where AI is embedded in code and enforces policy before workloads reach the cloud.

The new solution operationalizes governance through specialized agents: a Discovery Agent maps the code-first AI attack surface and generates a live AI bill of materials, a Risk Intelligence Agent enriches that inventory with metadata, hallucination and bias metrics, and security context, and a Policy Agent converts plain-language rules into CI-native, machine-enforceable guardrails. Snyk’s Chief Innovation Officer, Manoj Nair, framed agentic architectures as a software supply chain problem and emphasized that Snyk’s differentiated value lies in validating which AI-generated issues are real and exploitable, using ground-truth data from a decade of enterprise deployments so that developers fix only verified risks.

For customers like WEX, a global payments and workflow provider, the key initial benefit has been rapid visibility into their AI footprint; WEX’s product security lead reported that setup and reporting took less than a day and provided a foundational view for business-impact-based AI governance. Beyond pre-deployment controls, Snyk is also extending its reach into runtime for AI-native applications, using Snyk API & Web to probe high-risk authorization and business logic flaws such as BOLA and IDOR, which are frequently introduced by AI-generated code and become more dangerous in autonomous agent scenarios.

To further stress-test AI systems, Snyk is offering Agent Red Teaming in open preview, using autonomous agents to execute multi-step attack flows that continuously uncover vulnerabilities before they are exploited in production. Strategically, these launches deepen Snyk’s role as an AI security fabric for enterprises seeking to scale agentic workflows without losing control, creating potential for expanded wallet share across its 4,800-customer base and new demand from organizations prioritizing secure AI adoption; the company is showcasing the Agent Security suite and Evo AI-SPM’s GA capabilities at RSA Conference 2026 as it positions itself at the center of AI governance and software supply chain security.