Snyk, the AI security company, has announced the launch of Evo by Snyk, the world’s first agentic security orchestration system designed to secure AI-native applications and tools, including GenAI and agentic. Evo ushers in the era of the empowered AI Security Engineer, acting as both guide and autonomous teammate for deploying the intelligent orchestration, automation, and proactive governance required to master the security complexities of the agentic enterprise.
Evo by Snyk integrates with and builds upon the Snyk AI Security Platform, providing enterprises with a unified, agentic experience to discover, test, govern, and protect AI systems across the entire software development lifecycle (SDLC). With cutting-edge planning and orchestration skills, Evo transforms any security goal into coordinated agent actions, enabling security teams to operate at the speed of AI innovation.
“This is a watershed moment for the secure use of AI. The advent of AI-native applications marks a fundamental paradigm shift in how software is created,” said Peter McKay, CEO of Snyk. “Security can’t just keep pace – it must lead the charge. With Evo, we’re not just securing code – we’re architecting the trust that will unlock the full potential of tomorrow’s agentic systems for the modern enterprise.”
A New Category: Security for AI-Native Applications
The proliferation of agentic AI has created a new landscape defined by unbounded, non-deterministic applications, a massive attack surface, and an unpredictable, evolving supply chain. This shift renders traditional, rule-based security models ineffective and opens the door to completely new and novel threats. Organizations now face external attacks like prompt injection – which Gartner reports one in three security leaders have already experienced [1] – alongside internal risks from “Shadow AI,” with 52% of organizations confirming employees are building custom GenAI applications without proper risk evaluation [2].
Protecting AI-native apps demands a new, agentic approach – one that is continuous and adaptive. Following the OODA loop (Observe, Orient, Decide, Act) framework used to train fighter pilots, Evo empowers security teams to continuously neutralize novel AI threats with speed and precision. It helps security teams:
- Observe their organization’s AI usage to gain complete visibility into all tools and models in play.
- Orient to AI risks by analyzing and synthesizing threats with advanced threat modeling and red teaming agents.
- Decide on the right actions to address identified risks by creating clear policies.
- Act with confidence by automatically generating fixes, creating tickets, and deploying runtime agents that enforce strong security guardrails.
Introducing Evo by Snyk
Evo is the first agentic AI security system capable of orchestrating multiple agents, automating agentic workflows, and enforcing proactive governance across the AI development lifecycle. Through its unified agentic interface, teams can discover AI components, analyze contextual risk, prioritize actions, and create policies to govern AI adoption at scale. This approach is necessary for a few reasons. First, the risk associated with AI applications and tools is broad and encompasses several areas where specialized security controls are needed. Second, the way these specialized agents work will have to be an evolution from traditional risk-based controls that only work for deterministic applications. Finally, the challenge of assessing, much less coordinating across, a fragmented set of point solutions and start-ups will be too cumbersome and slow for AI security.
Key features of Evo by Snyk include:
- Intelligent Agent Orchestration: A Workflow Agent acts as an intelligent coordinator, seamlessly combining multiple specialized Task Agents into powerful, automated workflows from a single natural language prompt. The Workflow Agent transcends all agent usage in an Enterprise, orchestrating both Snyk and non-Snyk agents alike.
- Autonomous Task Agents: A broad range of specialized Snyk agents secure every stage of the AI lifecycle. Key agents include:
  - Discovery Agent: Automatically maps all AI models, datasets and MCPs to provide a complete view of AI usage.
  - Secure by Design Threat Modeling Agent: Automatically builds live AI threat models from code and flags risks like prompt injection with clear remediation paths.
  - Red Teaming Agent: Runs autonomous adversarial testing of models, agents, and applications via the industry’s leading engine for LLM-native application scanning.
  - MCP Scan Agent: Provides full visibility into all MCP servers in developer environments, leveraging Snyk’s pioneering MCP research to monitor usage and enforce real-time guardrails.
  - AI Risk Registry Agent: Continuously evaluates and scores AI component risk, analyzing security, compliance, and data controls to ensure only trusted models and MCP servers are deployed.
  - Policy Agent: Defines and enforces executable AI security guardrails for model use, data access, and compliance.
  - Fix Agent: Automatically resolves AI security issues through direct remediation or by initiating pull requests.
- Natural Language Policy Creation: The Policy Agent allows teams to proactively create and enforce security policies using natural language to govern the use of AI in development and runtime applications.
- Comprehensive Reporting: A Reporting Agent generates customizable insights across all agents, enabling faster and more flexible AI security risk reporting.
“Organizations increasingly understand the importance of securing AI-native applications and look to trusted application security providers to evolve alongside these needs,” said Katie Norton, research manager at IDC for DevSecOps. “With today’s announcement, Snyk signals a strategic investment in applying AI to strengthen the security of intelligent software and the supply chains that support it, positioning itself to meet the emerging expectations of this next phase of AI security.”
Availability
Evo by Snyk is available in experimental preview today for customers, with broader availability in early 2026. Customers can visit evo.ai.snyk.io to sign up for access to the experimental preview of Evo or apply to become a design partner.
Additionally, Snyk AI-BOM, Snyk AI Red Teaming, and Snyk MCP-Scan are available in experimental preview for Snyk customers. You can test these latest innovations in AI security today, right here in Snyk Labs.
For more information, please visit evo.ai.snyk.io.