Building AI Trust with Snyk Code and Snyk Agent Fix
June 23, 2025
Many businesses are using AI to innovate and boost productivity. But to truly benefit from AI, you need to trust it. That's where the Snyk AI Trust Platform comes in. As we announced at the 2025 Snyk Launch, the Snyk AI Trust Platform is designed to unleash innovation, reduce business risk, and accelerate software delivery in the age of AI. Good governance, enabled by our platform, provides reliable, real-time guardrails, allowing you to innovate quickly and confidently without constantly worrying about AI risks.
Snyk Code helps you achieve AI governance by securing your applications throughout their development. It performs static application security testing (SAST) and empowers teams to embrace AI. With Snyk Code:
See everything: Get a comprehensive view of security across your entire development process.
Prioritize what matters: Focus on the most critical risks, enhanced visibility, prioritization, and policy capabilities.
Fix fast and automatically: Remediate code security issues quickly and easily, as far left as possible, enabling developers to accelerate the pace of innovation securely.
Set your own rules: Create and enforce security policies for your applications with comprehensive governance capabilities.
As part of the 2025 Snyk Launch, we’re excited to introduce Snyk Agent Fix in the PR!
Snyk Agent Fix is your AI-powered code security assistant
A key part of Snyk Code is Snyk Agent Fix, an auto-remediation agent that autonomously generates and validates fixes. This enables developers to secure human- and AI-generated code at speed within their IDE and pull requests, without breaking their flow. Trust your auto-fixes with industry-leading 80% accuracy, thanks to patented CodeReduce tech and pre-validated fixes.
Formerly known as DeepCode AI Fix, Snyk Agent Fix already enables development and application security teams to shift left through auto-fixing in multiple IDEs. It finds, generates, and validates up to five potential fixes, each with clear explanations. Developers just pick their favorite fix and click to apply it.
Big news: Now you can auto-fix in pull requests too!
Today, we’re delighted to announce that we’ve extended Snyk Agent Fix’s reach beyond IDEs. Now, teams also have the flexibility to auto-fix code security issues in pull requests (PRs).
How Snyk Agent Fix helps with AI governance
Let's dive into how Snyk Agent Fix empowers better AI governance by preventing problems from ever reaching production.
Fix code in seconds, not hours
Snyk Agent Fix lets developers automatically fix issues right inside their workflows. It provides easy-to-understand guidance, just-in-time, bite-sized lessons, and explanations for each fix. These auto-fixes are pre-screened, saving you from doing work twice. In fact, Snyk Agent Fix has been shown to reduce an average of nearly 7 hours of manual work per vulnerability fixed to just seconds.
Reliable fixes, minimized rework
What does “pre-screening” mean? Before you even see a fix, Snyk Agent Fix runs all generated auto-fixes through a Snyk Code SAST scan. This scan checks that the fix:
Is readable and correctly formatted
Actually solves the problem it’s meant to
Doesn’t introduce any new security issues.
This all happens agentically in seconds, so you only see high-quality, reliable fix recommendations.
Using Snyk Agent Fix in pull requests
First, check that “Snyk Agent Fix in PRs” and the “PR checks” features are both enabled in your Snyk settings:

Once enabled, Snyk Code will automatically run when you merge code changes through a PR. You’ll get notified if the scan passes or fails, and the results will show up in-line on the code diff.
These results give you all the information and context you need to fix vulnerabilities without leaving your SCM. This includes information about severity level, available IDE plugins, and issue details like description, data flow analysis, explanations, links to Snyk Learn lessons, code context, and whether Snyk Agent Fix can automatically fix it (look for a little lightning bolt icon!).
Ready to fix? Just type @Snyk /fix to generate a fix:

Remember, these fixes are already pre-screened to save you time. You can ask for up to five different fix suggestions, and once you pick one you like, you can apply it as simply as @Snyk /apply 4 (for the fourth fix generated). Snyk will automatically merge the fix back into your code.
While AI models have some limitations, our pre-validation process catches potential errors, making Snyk Agent Fix's suggestions highly reliable and reducing rework for our users. If any fix recommendation doesn’t pass any of our SAST tests, we won’t show it to you.
Guided help when auto-fix isn’t available
If an auto-fix isn't available, Snyk Code still guides you through the remediation process. You'll get real-world examples and all the same helpful context, like data flow analysis and remediation explanations. There may even be a link to a Snyk Learn lesson right in the IDE to learn more about the issue!
Your data stays safe
Security is paramount at Snyk. That’s why we use a custom, self-hosted LLM, trained only on permissively licensed open source repositories with code fixes. This translates to stronger security and better data privacy. We don’t send your data to third-party AI model providers for processing.
Seeing and prioritizing issues: Smarter AI governance
AI trust is built on the core pillars of visibility, prioritization, and policy. Snyk Code delivers visibility through in-depth scans at AI speed, running 2.4x faster than alternatives. By combining this speed and accuracy with smart prioritization, developers can move faster without the noise of false positives and focus on fixing issues.
Prioritization comes from understanding your business context. There are three new features that enable developers to customize security results to match the risk profile of their applications:
Ignore what’s not important: Our unique "Consistent Ignores" feature lets you easily hide findings across different code branches, projects, and integrations. Just enable it in your Snyk settings.
Dynamic risk scores: Snyk Code gives each vulnerability a constantly updated Priority Score, which makes it easy to prioritize risks based on real-time factors.
Focus on new issues: Developers can choose to see only “New” issues introduced in their current work, allowing them to focus on the most relevant problems in their own code.
Finding and prioritizing are great, but what really reduces business risk is policy. Features like PR checks can act as a gentle reminder or as required security gates, a second layer of testing after your IDE, catching any missed security issues at the pull request stage.
Security teams can also set rules for when PR checks should fail based on the severity of the issues. You can even combine this with the "new issues" feature to only gate on newly introduced security problems, or on all issues.
Snyk Code’s PR in-line comments provide helpful context for security issues and assist in reviewing PR check outcomes. They offer expert security guidance directly where you need it.
Develop AI Trust with Snyk Code and Snyk Agent Fix
As part of the Snyk AI trust platform, Snyk Code and Snyk Agent Assist empower both security and development teams to establish and maintain strong AI governance through visibility, prioritization, AI-powered remediation, and policies.
Snyk Agent Fix turns findings and policies into action. It enables teams to proactively improve application security in real-time, right as developers code, whether in the IDE or in a pull request.
Remediate in 12 Seconds
Snyk Agent Fix in PRs is now available in Early Access.
Book a demo to start auto-fixing vulnerabilities in your IDE or pull requests with our secure, highly accurate AI that boasts an average fix generation time of just 12 seconds.
Own AI security with Snyk
Explore how Snyk helps secure your development teams’ AI-generated code while giving security teams complete visibility and controls.