5 Things To Know On Snyk’s New Agentic Security System

The code and AI security vendor is debuting Evo, which provides orchestration of AI agents that can ultimately help secure agentic applications.

Snyk unveiled Wednesday what it’s calling the industry’s “first” agentic security orchestration system — aimed at providing crucial tools that can keep up with the fast-moving security needs of AI-native applications, according to the company.

The new system, Evo, provides orchestration of AI agents that can ultimately help secure agentic applications, said Manoj Nair, chief innovation officer at Snyk, in an interview with CRN.

Already at this stage, “agentic orchestration is there in other domains. It's there in customer experience. It's there in marketing. The dev tools are there,” Nair said. “We're seeing that for security, something like this had to be born.”

Ultimately, Snyk is “building a team of expert agents that are very specialized in solving various parts of this problem, which work together in the system,” he said.

The announcement came in connection with the inaugural AI Security Summit, which is being held Wednesday and Thursday in San Francisco. The event’s founding sponsors are Snyk and AI.Engineer.

What follows are five things to know about Snyk’s new Evo agentic security system.

Rapid Pace Of Development

The massive push to rapidly develop AI and agentic applications has too often led to security needs being sidelined, as is often the case with new technologies, Snyk CEO Peter McKay told CRN.

However, while this attitude of “‘we'll worry about security later’” may make sense for an organizations development team, its security team is still accountable, McKay said.

“It all will ultimately fall back on the security teams that are sitting there with tools that aren't built for the AI era,” he said. “That presents a big challenge.”

At the same time, the development of AI-native applications is likely to only accelerate with the rise of “AI engineers,” Nair said.

“These are the people who claim they are becoming 10X engineers,” he said. “And so we're building something for the 10X security person to be able to keep up with these 10X engineers.”

‘Intelligent’ Orchestration Of Agents

Evo consists of an “intelligent” agent orchestration system — essentially a workflow agent — whose purpose is to coordinate the activities of specialized agents related to securing the creation of AI-native applications, according to Snyk.

This approach is crucial because while many security vendors are already offering agents at this point, “no one's really thought about how to orchestrate [those agents],” Nair said.

Snyk, on the other hand, has developed an agentic orchestrator that is entirely focused on the security domain — and crucially, it can coordinate agents from third-party vendors as well as from Snyk, he said.

“Our power here is not that we built a bunch of agents,” Nair said. “It's the fact that we have an agentic security-specific orchestrator that today is orchestrating our agents, but is [also] open enough that it can orchestrate anything else out there.”

Overall, “the beauty of this is they kind of feed off each other to achieve a much bigger goal than any one of them would individually,” he said.

Specialized Agents

Still, Snyk does believe it has taken a differentiated approach with developing some of the individual, specialized agents it is now unveiling, according to Nair.

The autonomous “task agents” being launched by Snyk include agents for discovery, threat modeling, red teaming, MCP scanning and AI risk registry, the company said.

Additionally, Snyk is debuting a “fix agent” to automatically remediate discovered security issues and a policy agent that can assist with proactive creation of security policies as well as policy enforcement, according to the vendor.

Agent Differentiators

The new Threat Modeling Agent stands out from existing approaches by offering the ability to automate the generation of live AI threat models, Snyk said.

“That's very unique, [because] even in the AI security startup community, no one's really thought about secure-by-design and how to really automate the creation of a design,” Nair said. “We're able to bring that design out, and we're able to figure out what threats are important for this kind of app.”

As a result, "you’re able to think about remediation, versus spending weeks trying to figure out what the threat model is — and by the time you figure it out, it's obsolete,” he said. “So that’s a very powerful innovation.”

Other key differentiators for the new agents include offering comprehensive visibility across MCP (Model Context Protocol) servers in developer environments through the new MCP Scan Agent, Snyk said.

The goal with that agent is to “make sure your AI tools itself are not an attack point,” Nair said. “The tool chain itself is a point of attack because MCP is so prevalent and it's got all these security issues.”

Partner Opportunities

Snyk has been working with partners around the new Evo system including system integrator partners that have “validated” much of what the vendor has put together for the offering, Nair said.

For instance, many system integrators are in demand for providing AI threat modeling, which could be massively assisted by Evo and the new Threat Modeling Agent, he said.

“They waste a lot of their time just trying to organizationally navigate how to pull this together,” Nair said. “So for them, this becomes a much more powerful tool.”

On the whole, “I think it elevates what they can offer from being tactical to strategic,” he said. “Because [Snyk] just building this tool doesn't mean a customer is going to be able to be successful on its own. So it’s the partners who are now able to [enable that].”