Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’re happy to announce that Cursor has validated Snyk’s CLI MCP server and added Snyk to their curated set of MCP tools from official providers. At Snyk, we recognized early on that although AI assistants accelerate development, they can inadvertently introduce vulnerable patterns, leverage outdated libraries, or even code with known security flaws. In order to maintain the rapid iteration cycles that AI enables, developers need security to be as agile as AI itself.

Businesses are moving beyond AI experiments and proofs of concept. As we approach what IDC is predicting will be the “AI pivot years” of 2025-2026, organizations are prioritizing, planning, and building for scale. This shift includes AI agents — self-directed tools that automate tasks — as technology providers strive to simplify development workflows. Under the surface, AI systems expose an expanded threat landscape that spans the software development lifecycle (SDLC).

Snyk is delighted to announce a significant milestone for our customers and partners in the Asia-Pacific (APAC) region: the launch of a dedicated Snyk API & Web infrastructure instance, which is now available and hosted locally within the region. This investment addresses the critical needs of our growing customer base in the region, ensuring that they can benefit from our modern, developer-first DAST capabilities while meeting local data residency and compliance requirements.

The pace of technological change is always fast, but with AI everywhere, things have gone into overdrive. In Australia and New Zealand, businesses plan to spend heavily on generative AI—about $15 million on average, more than the global average. This puts immense pressure on technology, security, and engineering leaders. They must innovate quickly, but they also face complex risks from AI. This is forcing them to rethink how speed and security can work together.

AI coding assistants like GitHub Copilot and Google Gemini Code Assist are changing how developers work — accelerating delivery, removing repetition, and giving teams back time to build. But speed isn’t free. Studies show that around 27% of AI-generated code contains vulnerabilities, not because the tools are broken, but because they generate code faster than most teams can review it. The result? A growing wave of insecure code is making it into production.

Organizations spend enormous effort fixing software vulnerabilities that make their way into their public-facing applications. The Consortium for Information and Software Quality estimated that the cost of poor software quality in the United States reached $2.41 trillion in 2022, a number sure to be much higher today. That’s nearly 10% of the current GDP within the US. As we will show, it makes sense that the cost of poor software quality is so high.

As AI-generated code continues to boost developer productivity – and with it the number of vulnerabilities in code – the need for a programmatic approach to security within a fully AI-enabled reality is key. AI Trust and governance is the new standard for the AI era, and is achieved through visibility, prioritization, and policy. With this in mind, over time, Snyk has expanded the number of reports and analytics provided in its platform to address this need.

Today marks a significant milestone for Snyk and, more importantly, for the security posture of the U.S. government. I'm thrilled to introduce Snyk for Government, our FedRAMP Moderate authorized solution for the public sector. This authorization underscores our unwavering commitment to providing secure development solutions that meet the rigorous standards of the Federal Risk and Authorization Management Program (FedRAMP). It means that U.S.

In a previous blog, we discussed how AI is reshaping software development at every level. This shift means developers need new skills to stay effective. In fact, Gartner predicts that generative AI will require 80% of the engineering workforce to upskill through 2027. So what can today’s developers do to stay ahead? Here are a few steps to consider.

In the last year, generative AI has dramatically accelerated how software is written. Developers can generate entire functions with a prompt, automate repetitive logic, and offload everything from boilerplate code to documentation. But with this newfound speed comes a deeper, more complex challenge: ensuring that what’s being created is secure, trustworthy, and production-ready.