How Relay Network Adopted AI Coding Securely - and Built the Foundation for Agentic Development

Relay Network is the innovator behind a secure B2C communications platform that combines SMS with dynamic feed technology to help regulated enterprises deliver personalized, action-oriented mobile experiences for every customer.  In an industry where trust, compliance, and data protection are paramount, security has always been central to how the company builds software. But Relay Network’s approach to security is anything but traditional.

Rather than operating as a separate function that reviews applications after they are built, security is embedded directly within engineering. Brendan Putek, Director of DevOps, leads a broad platform engineering organization spanning security, developer enablement, CI/CD, cloud operations, and site reliability engineering. Esaie Batoula, Security Engineer, plays a critical role in scaling and operationalizing the company’s security program, driving the tools, patterns, and automation that enable developers to take ownership of remediation.

This operating model has helped Relay Network build a strong security foundation over time, significantly reducing a historical backlog and maintaining a posture of zero critical and zero high-severity issues across its codebase.

So when AI coding assistants began transforming how software is created, Relay Network saw both tremendous opportunity and a new challenge.

The question was not whether to adopt AI. The question was how to do it safely.

The productivity promise of AI and the need for guardrails

Like many engineering organizations, Relay Network was initially cautious about AI-assisted development.

Two years ago, the technology was still immature. Early tools often produced inconsistent output and required significant human oversight. But as foundational models improved and tools such as GitHub Copilot matured, Brendan saw a clear shift.

Today, AI has become a core part of how his team designs, builds, and remediates software. Relay Network standardized on GitHub Copilot early because it was easy to deploy, integrate seamlessly into their GitHub environment, and gave developers an approved enterprise-grade AI tool. Providing sanctioned tools also helps reduce shadow AI by discouraging developers from turning to unmanaged consumer services. The productivity benefits were undeniable.

But AI also accelerated the generation of insecure code and vulnerable dependencies. Without new controls, Relay Network risked scaling vulnerabilities as quickly as it scaled development.

Secure at Inception: Moving security to the moment code is created

Before implementing Snyk, developers often encountered security findings only after opening a pull request. By then, they had moved on mentally from the work, lost context, and frequently reached out to Esaie for help understanding the issue and determining how to fix it.

Esaie described the challenge simply:

“They push out a PR, one of the security checks fails, and they reach out to me. But their work is already done, and they’re ready to get it out.” 

This reactive workflow created delays and consumed valuable security engineering time. Esaie was receiving five to ten developer questions every day related to security findings. Relay Network wanted to move security as far left as possible and embed it into the coding experience itself.

With Snyk integrated into GitHub Copilot, developers could generate code, receive security findings immediately, and apply fixes in real time before code was ever committed. 

Brendan describes this as the practical realization of a principle that has long existed in theory.

As Brendan put it:

“Secure at inception is something every engineering organization should have been doing all along.”

Extending the workflow with custom pre-commit hooks

One of the most powerful aspects of Relay Network’s implementation came from Esaie’s own innovation.

Building on Snyk’s built-in secure-at-inception hooks, Easie extended the capability with custom pre-commit hooks tailored to fit Relay Networks workflows. The hooks automatically scanned all newly introduced code before it could be committed.

“Before this even makes it to the PR, I want it to scan and catch everything. It forces the research right there while it’s in front of you.”

This meant developers no longer discovered issues days later in CI pipelines or pull requests. Instead, security findings appeared while they were still writing code and had the full context needed to resolve them immediately.

Developers could get an explanation of the issue, assess exploitability, and generate remediation suggestions on the spot. Security became part of the development conversation itself, rather than a downstream gate.

As Brendan said:

"Stop segregating your engineering and your security teams. They need to work collaboratively, not antagonistically, which is all too often the case." 

Rapid adoption once developers saw it in action

Relay Network’s rollout followed a classic crawl, walk, run pattern. Initial adoption was limited, in part because some developers were still learning how to use AI coding assistants in the first place.

But once Esaie Batoula sat down with engineering teams and walked them through the workflow, adoption accelerated quickly. He began by partnering closely with senior engineers and technical leads, showing how security could integrate directly into existing developer workflows without slowing delivery. The response was immediate. After seeing the workflow firsthand, team leads quickly pushed to onboard their broader engineering teams, turning early interest into organization-wide momentum within days. The reaction was overwhelmingly positive, Easie recalled:

“Not one developer was not amazed. They were all like, ‘wow, we actually need this, this makes our work easier.’”

For Relay Network, secure-at-inception succeeded because it reduced friction rather than adding it.

Faster remediation and dramatically Lower MTTR

While the initial goal was prevention, Relay Network also saw major gains in remediation speed. When a critical vulnerability surfaced over a weekend, Esaie identified affected repositories, generated upgrades, tested the changes, and deployed fixes within 24 hours. Previously, the same effort would have taken at least a week. Easie noted:

“With the MCP server and Snyk, remediation has become much faster. We have tons of repositories, so being able to quickly go in, make fixes, and move on has significantly reduced remediation time.”

These improvements helped Relay Network maintain aggressive remediation targets and prepare for increasingly stringent customer SLAs, including potential 72-hour critical vulnerability requirements.

As developers became more self-sufficient and AI-assisted fixes were delivered directly in their workflow, security engineers spent less time on manual triage and more time on strategic initiatives.

AI as a learning engine

One of the most unexpected benefits was how AI accelerated technical growth. For Esaie, who does not come from a traditional software engineering background, AI has enabled him to understand unfamiliar codebases, assess exploitability, build custom unit tests, and create automation such as the pre-commit hooks.

In Easie’s words:

“A year and a half ago, I didn’t know half of the things that I know now.” 

Brendan views this as one of AI’s most powerful and often overlooked benefits. Used thoughtfully, AI acts as a continuous learning engine. Helping engineers learn faster, make better design decisions, and broaden their expertise across an increasingly complex technology stack. 

Building the foundation for agentic development security

Relay Network’s work with Snyk focused primarily on securing what AI generates: code and dependencies. But as AI coding assistants evolve into increasingly autonomous agents, organizations need visibility and control across a much broader attack surface. They must secure what agents pull in and use as part of their supply chain: MCP servers, skills, tools, and external integrations, as well as the actions the agents take autonomously across systems and environments. 

This broader challenge is what Snyk addresses through Agentic Development Security (ADS) - a solution designed to secure how software is built in the age of AI agents. Relay Network’s secure-at-inception journey represents a practical first step toward this future.

By embedding security directly into AI-assisted development, they established the controls, workflows, and engineering culture needed to scale AI adoption safely. 

A blueprint for secure AI adoption

Relay Network’s story demonstrates that organizations do not need to choose between innovation and security. By integrating Snyk into GitHub Copilot, they enabled developers to move faster, reduced downstream friction, accelerated remediation, and helped their engineering team become more capable and more AI-native. 

Brendan shared:

“There’s not another product in our space that offers the same level of security and compliance that Snyk does. I’ve seen products that claim to do some of these things, but not as successfully.” 

As Relay Networks’ AI-assisted development strategy matured, the team expanded beyond the use of just Copilot to include Codex and Windsurf. Now that Snyk's scanning and vulnerability context can be embedded directly into the Claude developer workflow, they plan to transition to Claude Code as its primary development assistant. The progression reflects how rapidly AI-assisted development is evolving, and as software development becomes increasingly agent-driven, the organizations that succeed will be those that secure how software is built, not just the code that reaches production. 

Want to learn how to solve similar issues? Install Agentic security with Snyk Studio today, or read more Snyk success stories like Relay Network on our Customers page.