Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Company overview: Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. Champion / Spokesperson: Neil Tonkin, CTO Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. The company helps their global clients transform their business processes with bespoke and branded software platforms, applications, and cloud environments that help work flow more efficiently and effectively.

Today, Snyk is excited to announce a new partnership with Cognition that significantly advances security within the software development lifecycle, validating our "Secure at Inception" model. This collaboration introduces new integrations, Snyk for Devin and Snyk for Windsurf, which directly embed Snyk Studio's security intelligence into Cognition's AI-native developer tools.

Snyk has been named a Leader in the Gartner® Magic Quadrant™ for Application (AST) in 2025. Access your complimentary copy of the report to see how vendors compare in the AST market.

We’re thrilled to announce that Snyk has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST)! This recognition, based on our vision and ability to execute, validates our core mission: to empower developers to build securely from the start while giving security teams complete visibility and comprehensive controls.

In October 2025, researchers uncovered a phishing operation that weaponizes the npm ecosystem, but this time not to infect developers at install time, but rather to host and deliver phishing scripts via the trusted unpkg.com CDN.

On September 25, 2025, the npm package postmark-mcp, an MCP (Model Context Protocol) server intended to let AI assistants send emails via Postmark, was reportedly modified to secretly exfiltrate email contents by adding a blind-copy (BCC) to an external domain. Current analysis suggests the behavior began around 1.0.16 and persisted in later versions.

As businesses strive to secure sensitive cardholder data and stay compliant with Payment Card Industry Data Security Standard (PCI DSS) v4.0.1, one of the most overlooked areas is developer training. The latest version of the PCI DSS places clear emphasis on ensuring developers are not only residually aware of security best practices, but are actively trained to build secure software and detect vulnerabilities. This is where Snyk Learn comes in.

We’re thrilled to share that Snyk has, for the sixth time and fifth consecutive year, been named to the Forbes Cloud 100 ranked at, recognizing the world’s most innovative private cloud companies. This year’s recognition is especially meaningful, reflecting the bold step we took in May to launch the AI Trust Platform, reorienting Snyk around a single mission — securing the future of AI-native software development.

Company overview: Labelbox is the leading data factory for delivering high-quality, frontier data to top AI labs and enterprise AI teams.

As AI transforms software development, AppSec teams face new complexities. For instance, the lack of visibility into where AI is being used and the reality that AI-generated code is often highly vulnerable make it nearly impossible to prioritize remediation and effectively scale security programs. To succeed, AppSec teams have to evolve from task managers to strategic governance enforcers.