Snyk Launches Agent Security Solution to Protect the Full AI Lifecycle; Announces General Availability of Evo AI-SPM
March 23, 2026
New solution governs autonomous AI agents from development through production, turning AI policy into enforceable controls.
SAN FRANCISCO, March 23, 2026 (RSA Conference 2026) — Snyk, the AI security company, today announced the launch of its new Agent Security solution and the General Availability (GA) of Snyk Evo AI-SPM. The solution arrives as enterprises rapidly deploy autonomous coding agents - like Claude Code, Cursor, and Devin - often with no security architecture governing what these systems build, the tools they invoke, or the actions they take across production infrastructure.
Coming out of stealth and reaching GA, Snyk Evo AI-SPM - incubated within the company's dedicated AI innovation arm - expands the operational capabilities of the AI Security Fabric. This enforcement architecture governs autonomous agents from the moment they are introduced into software through every action they take in production. As enterprises deploy autonomous agents across their software stack, Snyk provides the enforcement layer that every agentic workflow must pass through to be enterprise-safe.
The Shadow AI Crisis and the Governance Gap
Autonomous software agents are now writing, modifying, and deploying code at machine speed, and traditional security review processes cannot keep pace. Snyk's 2026 State of Agentic AI Adoption Report shows that enterprises that believed they had AI under control have discovered they do not. For every AI model deployed, enterprises introduce nearly three times as many untracked software components.
During early access, across more than 500 Evo scans, organizations with existing cloud security and CNAPP controls in place were surprised to discover ungoverned agentic AI components in their codebases that had previously bypassed their security stack.
Cloud security platforms show where AI runs after deployment. Snyk shows where AI is introduced into software and enforces governance policies before it ever reaches the cloud.
"Agentic architectures turn governance into a software supply chain problem," said Manoj Nair, Chief Innovation Officer at Snyk. "Our value is confirming which findings are real and exploitable, using ground truth data from a decade of enterprise deployment that no AI model can produce alone. Claude finds. Snyk confirms. The agent fixes only what's real."
"One of the things that was exciting about Evo AI-SPM is the visibility. It only took an afternoon to set it up and less time to pull a report and have full visibility," said Jason Langston, Director, Product Security at WEX. "Here at WEX, we take a business-impact approach to AI. Being able to put our arms around the full breadth of what was actually in place was a super helpful foundation to start from."
Evo AI-SPM: Turning Governance into Enforceable Controls
Evo AI-SPM serves as the engine for Snyk's Agent Security solution, operationalizing AI security through specialized, automated agents. To eliminate manual governance, a Discovery Agent automatically maps the "code-first" attack surface to generate a live AI-BOM. This inventory is continuously enriched by a Risk Intelligence Agent with metadata, hallucination and bias metrics, and contextual security signals. Finally, a Policy Agent translates plain-English governance intent into machine-enforceable security guardrails that execute natively during CI pipelines.
Governing the Full Agent Lifecycle: Environment, Artifact, and Behavior
To allow developers to leverage powerful AI coding tools without compromising their security posture, Snyk Agent Security delivers a unified architecture that secures the three critical phases of agentic development:
Environment — Agent Scan (Open Preview): Secures the supply chain of tools agents rely on by ensuring every MCP server and agent skill is known, trusted, and governed.
Artifact — Snyk Studio: Enforces security validation directly within the CI/CD pipeline as code is produced. Studio is already deployed across 300+ enterprise customers and natively integrated into Claude Code, Cursor, and Devin workflows.
Behavior — Agent Guard (Private Preview): Provides real-time enforcement within the development loop, stopping destructive commands and governing exactly how agents operate.
Beyond development, Snyk is also securing AI-native applications at runtime. In the realm of dynamic testing, Snyk API & Web targets authorization and business logic vulnerabilities, such as BOLA and IDOR, that are commonly introduced by AI-generated code and pose significant risk when exposed to autonomous agents.
Additionally, Agent Red Teaming (Open Preview) deploys autonomous agents to simulate multi-turn attack flows, continuously exposing vulnerabilities so they can be fixed before they are exploited in production.
Availability
Evo AI-SPM — including the Discovery Agent, Risk Intelligence Agent, and Policy Agent — and API & Web Testing are both Generally Available (GA) today.
Snyk Studio is now embedded directly into AI-driven development workflows within the Snyk platform.
Agent Scan and Agent Red Teaming are currently available in Open Preview, while Agent Guard is available in Private Preview. Snyk is actively seeking design partners for its preview programs.
Snyk is showcasing its new Agent Security solution and the GA capabilities of Evo AI-SPM this week at the RSA Conference 2026. To learn more or request a demo, visit https://snyk.io/events/rsac/.
About Snyk
Snyk, the AI security company, empowers the AI-driven enterprise to develop and secure its future, ensuring organizations can trust AI to innovate without limits. The Snyk AI Security Platform serves as the industry’s AI Security Fabric, weaving protection directly into the flow of creation to secure GenAI code, AI-native applications, and agentic systems. By delivering visibility, control, and autonomous defense secure at inception, Snyk enables over 4,800 global customers to build fearlessly in the AI era.
