
DevSecCon 2025 Recap: Securing the AI Revolution Together


October 22, 2025


The energy at DevSecCon 2025 was electric, and we're leaving inspired by the passion and dedication of this extraordinary community. Before the conference, we talked about going "beyond the hype," and together, that's exactly what we did. We dove deep into the real challenges and groundbreaking opportunities at the intersection of AI and security.

A central theme running through the conference was the sheer speed of change. AI's impact on the global economy is projected to reach a staggering $22 trillion by 2030. But this massive opportunity rests on a foundation of trust and security. With 77% of engineering leaders already using AI for coding, we're not waiting for the future; we're building it right now, and it's essential we do it securely. 

The conversations at DevSecCon revolved around three critical stages of this AI evolution. Let's break them down.

Keeping pace with AI-accelerated DevSecOps

For years, software development has been on a steady climb. Now, it's a vertical launch. This new pace means that legacy security approaches are falling behind, making a mature, AI-accelerated DevSecOps practice more critical now than ever before.

To help teams keep up, we highlighted several Snyk capabilities introduced throughout 2025 that are designed to help organizations achieve AI-accelerated DevSecOps by enabling a security posture that keeps pace with modern development.

Because DevSecOps is all about AppSec and Development collaboration, we’ve introduced new capabilities to help both devs and security practitioners, independently and together, on their joint mission of accelerating the development of secure software.

For developers, we’ve made several enhancements that provide more information and context, but also more actionability in developer workflows. Notably, we’ve made several additions to the IDE and pull request experiences. 

  • In the IDE, we’ve added the ability to toggle between total issues found and new findings that were introduced by that developer, drastically reducing noise and improving focus. 

  • In the pull request (PR) experience, we’ve added PR checks for Snyk Code, issue summary comments, high-context inline comments, and the ability to generate and apply Snyk Agent Fix recommendations directly from the pull request.  

As for AppSec teams, Snyk elevates them from task managers to a role providing strategic governance by delivering comprehensive asset visibility, risk-based prioritization, contextual guardrails, and advanced analytics.

We’ve enhanced asset discovery and policies to elevate AppSec from a tactical issue hunt to strategic risk management:

  • Asset Discovery: Snyk Essentials automatically discovers repositories across all your SCMs. 

  • Prioritization: You can then enrich your asset inventory with critical business context for effective prioritization.

  • Policy: And then create asset policies that enforce rules based on the asset context.

This moves you beyond just asset coverage to control coverage. You can now answer: "Are my most important assets protected by the right controls?"

Group by dependency view in Snyk Open Source: We’ve also introduced a new default view for our vulnerability list in Snyk Open Source, focusing on libraries rather than individual vulnerabilities. The new view groups all vulnerabilities by dependency and the versions that fix them, so you can easily identify opportunities for efficiency where one fix solves many issues. 

As for Snyk Analytics, we’ve also made several new enhancements:

  1. An overhauled user interface with customizable dashboards and saved views gives personalized insights to the team, depending on the context they need.

  2. The new expanded reporting catalogue provides more and better reports, giving visibility into compliance and progress against internal and external requirements.

  3. More extensibility options, like the new Export API and previously announced Snowflake integration, give your team the ability to investigate and integrate Snyk data into whatever tools you prefer, getting more insights and deeper analysis. 

With actionable analytics, robust reporting, and extensibility options, you can demonstrate the health of your program and drive governance and prevention initiatives.

A mature DevSecOps practice is essential for safely adopting AI in development. Snyk helps organizations achieve AI-accelerated DevSecOps by enabling a security posture that keeps pace with modern development. 

Starting left: Security at the developer's first prompt

The rise of AI coding assistants has fundamentally changed what it means to "shift left". The new "left" is no longer the first commit or even the first file saved; it's the developer's first prompt. This is the earliest possible moment to influence a secure outcome.

This new reality requires a new model: Secure at Inception. It’s not about scanning code after it’s written; it's about embedding security intelligence directly into the AI workflow. This works in three simple steps:

  1. Govern: Security teams set clear rules within the AI code assistant.

  2. Guide: The AI code assistant uses that directive as real-time context to generate secure and compliant code.

  3. Empower: The developer receives secure code from the start, staying in their workflow without friction or context switching.

To bring this vision to life at an enterprise scale, we announced a groundbreaking partnership with Cognition. By uniting Snyk's best-in-class security with the leading AI-powered code assistant, we're making secure code the default. We've also built enterprise rollout capabilities that allow platform teams to automatically deploy and configure secure, standardized environments for every developer instantly. Stay tuned for more updates on these capabilities in the coming weeks!

Taming the new chaos: Securing AI-native applications

The final frontier of our discussions was the rapid emergence of AI-native applications, meaning apps where AI is the core engine. These agentic systems introduce a massive attack surface and behave unpredictably, a challenge one customer compared to "trying to walk a cat on a leash".

Old, rule-based security tools can't control this new chaos. To meet this challenge, we unveiled our most exciting announcement yet: Evo by Snyk.

Evo is the world's first and only agentic security orchestration system, designed to protect AI-native applications against new threats. With just one natural language prompt, Evo dynamically suggests a plan and automatically executes the steps required to secure your AI-native applications and tools, using a powerful set of task-oriented agents for everything from discovery to remediation.

THE FUTURE OF AI SECURITY

Get to know Snyk's latest innovations in AI Security

AI-native applications behave unpredictably, but your security can't. Evo by Snyk is our commitment to securing your entire AI journey, from your first prompt to your most advanced applications.

More than a conference: The power of community

The DevSecCon Community is built on the belief that securing the future is a team sport, and it was incredible to see this in action. Even in a virtual setting, the energy was palpable, and this collaboration doesn't stop now that the event has ended.

DevSecCon has now grown into something even more powerful: the world’s leading community dedicated to AI security, with 30 local chapters in over 20 countries around the world, and a global conversation happening 24/7 on our chat platforms, where experts and newcomers alike are sharing knowledge and helping each other solve the tough problems of today. 

We are deeply committed to the open source world, providing free security for open source projects to help maintainers find and fix vulnerabilities in their applications. Snyk is proud to secure over 585,380 open source projects today.

Our Snyk Partner Network is another cornerstone of our community. We work closely with technology partners, security consultants, and cloud providers to build integrated solutions that make security seamless. By combining Snyk's developer security platform with our partners' expertise, we empower organizations to innovate securely and confidently. It's this ecosystem of collaboration that drives real change.

From inspiration to action: Next steps for your AI security journey

The energy and ideas from DevSecCon 2025 don't have to end here. You can take immediate, practical steps to start securing your organization's AI journey today. Here’s how to get started.

Gain visibility

You can't secure what you can't see. Use our AI Bill of Materials (AI-BOM), which is free to all customers, to see where AI is being used in your organization. The Discovery Agent can create an AI-BOM that highlights the use of AI components within your repos and applications, giving you a comprehensive list of integrated repositories and visibility into all the AI tools, APIs, and models in use. This is the foundational step for managing risk in AI-native development.

Scan your environment

With developers rapidly adopting AI coding assistants, it's crucial to know which tools are being used across your teams. Our MCP scanner, which is available as an open source tool, allows you to find MCP servers and clients within your development environments. This helps you identify the usage of AI coding tools that might introduce risk, giving you the insight needed to implement the right guardrails for AI-driven development.

Secure your AI-driven development 

We introduced our "Secure at Inception" vision at the show, and you can start acting on it today. Visit our website to learn more about how Snyk Studio helps you secure your AI-driven development workflows, or get started in minutes with our new streamlined experience.

Shape the future with Snyk

Snyk customers have the opportunity to become an Evo design partner. By joining the program, you can work directly with our teams to help shape the future of this powerful orchestration system and ensure it solves the real-world challenges your organization faces in securing AI-native applications.

Thank you again for making DevSecCon 2025 a landmark event. Let's continue the conversation and keep building a more secure future together.

ON-DEMAND RECORDINGS

Missed DevSecCon25? Watch the recordings!

If you also want to feel the electric energy of DevSecCon25, don't just read the recap. Watch the full on-demand recordings, and dive into the highlights from this global celebration of innovation in AI Security. Our playlist features inspiring keynotes, hands-on demos, and cutting-edge community research.
