Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk empowers organizations to build fast and stay secure. As security and engineering teams scale their use of Snyk across the enterprise, understanding what's happening across your group and organizations becomes critical–from API integrations and user access patterns to policy changes and security events. However, raw audit logs alone can be overwhelming and difficult to interpret. Security leaders need instant visibility into critical events, risk patterns, and user activity.

On November 24th, 2025, we identified a new supply chain attack in the npm ecosystem, referred to as SHA1-Hulud. We believe this is a second wave of the Shai-Hulud attack, which occurred in September 2025. Snyk will continue monitoring this active incident until it is resolved. Updates on this incident will be on our trust center.

Last week at the AI Security Summit, something profound happened. The first cohort of AI Security Engineers in the world earned their certification — a milestone that symbolized not just new skills, but a new mindset. For decades, security has been about control. Rules, gates, and policies that define what’s safe and what’s not. But the age of Agentic AI — systems that perceive, reason, act, and learn — is forcing us to evolve beyond static defenses.

Snyk is thrilled to announce our partnership with Factory, which brings Snyk Studio directly into Droid workflows. AI agents, such as Factory’s Droids, can generate thousands of lines of code at incredible speed and are transforming modern software development. Yet every time a Factory Droid quickly ships a feature in minutes vs. days, refactors an entire module, and updates dependencies across a repo, it’s potentially introducing vulnerabilities at the same pace.

The way we build software has fundamentally changed. AI code assistants are no longer a novelty; they are the new standard, creating a revolutionary leap in developer productivity. Back in May, we launched Snyk Studio with a focus on our partners, creating an open framework to build a vibrant ecosystem for securing AI-driven development. Our goal was to ensure that as the AI landscape evolved, Snyk’s market-leading security intelligence could be embedded into any AI-native tool.

At Snyk, our mission has always been to empower developers to build secure applications without slowing down. The importance of a developer-first approach is even more critical with the proliferation of AI use and in the world of cloud-native development. This means rethinking container security. It’s no longer enough to just scan a Dockerfile or a finished image at a single point in time.