Snyk Studio brings security scanning and automated fixes to Factory's Droids
Sarah Conway
November 5, 2025
Snyk is thrilled to announce our partnership with Factory, which brings Snyk Studio directly into Droid workflows.
AI agents, such as Factory’s Droids, can generate thousands of lines of code at incredible speed and are transforming modern software development. Yet every time a Factory Droid quickly ships a feature in minutes vs. days, refactors an entire module, and updates dependencies across a repo, it’s potentially introducing vulnerabilities at the same pace.
The need: Droids that build fast and securely
Factory's approach to agentic development relies on Droids, which are specialized agents for everything from feature development to incident response. Droids can move through your codebase at a pace that would make even your most caffeinated senior engineer jealous.
But when AI agents generate code at scale, they can also unintentionally introduce vulnerabilities. And unlike human developers who might introduce one or two security issues per feature, an autonomous agent churning through your entire dependency tree can accumulate security debt faster than your team can burn it down.
We're in a new reality with agentic development workflows that need agentic security workflows. Code generated in real time needs to be secured in real time. And security debt that's been piling up for years needs tools smart enough to clear it efficiently, not just flag it endlessly.
The solution: Snyk Studio for Factory
This is where our new integration comes in. Snyk Studio for Factory embeds Snyk’s real-time security intelligence directly into Factory's Droid workflows through the Model Context Protocol (MCP).
The Snyk Studio for Factory integration enables two critical workflows that address both your future and your past:
First, secure at inception for when a Factory Droid generates new code. Snyk’s real-time security insights are available to Droids who have access, giving them instant feedback on vulnerabilities, plus contextual guidance on how to fix them. This automates remediation before the code ever reaches your main branch, so your Droids aren't just moving fast; they're building secure code from the ground up.
Second, Snyk can help Droids burn down the backlog to tackle existing security debt that's been slowing your team down for months or years. Just point a Droid at your codebase with Snyk's prioritized vulnerability data, which factors in exploit maturity, reachability, and business impact. Now your Droid can methodically work through the backlog, fixing critical issues at scale while your team focuses on new features. It's not just about preventing new problems; it's about finally clearing the old ones efficiently.
Snyk Studio for Factory in action
The integration is being developed through a formal design partnership with industry leaders, including one of the top three banks listed on the Evident AI Banking Index, whose feedback continues to shape the enterprise-grade controls and workflows.
With Snyk Studio integrated into their Factory workflows, their Droids will be able to:
Generate migration code that's scanned in real time.
Automatically fix vulnerabilities as they refactor legacy systems.
Apply consistent security policies across all code changes.
Document security decisions in their saved spec files for compliance.
The key question for large organizations, such as this financial services firm, is not if they will adopt agentic workflows, but how they will do so securely.
Getting started
If you're already using Factory and want to add security scanning to your Droid workflows, check out our quickstart guide in the Snyk docs. The integration works through Snyk's MCP server, which means your Droids can call Snyk's security tools just like any other development tool.
For Factory Terminal/IDE users, you can add Snyk Studio with a simple slash command:
/mcp add Snyk "npx -y snyk@latest mcp -t stdio"
For Factory IDE extension users, you'll add Snyk to your MCP configuration file at ~/Library/Application Support/Factory Bridge/mcp.
Ready to see how Snyk and Factory solve a real-world problem? Dive into the technical breakdown of how Factory Droids use Snyk Studio to apply security fixes across your codebase. Read the article today.
