Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk empowers organizations to build fast and stay secure. As security and engineering teams scale their use of Snyk across the enterprise, understanding what's happening across your group and organizations becomes critical–from API integrations and user access patterns to policy changes and security events. However, raw audit logs alone can be overwhelming and difficult to interpret. Security leaders need instant visibility into critical events, risk patterns, and user activity.

On November 24th, 2025, we identified a new supply chain attack in the npm ecosystem, referred to as SHA1-Hulud. We believe this is a second wave of the Shai-Hulud attack, which occurred in September 2025. Snyk will continue monitoring this active incident until it is resolved. Updates on this incident will be on our trust center.

Last week at the AI Security Summit, something profound happened. The first cohort of AI Security Engineers in the world earned their certification — a milestone that symbolized not just new skills, but a new mindset. For decades, security has been about control. Rules, gates, and policies that define what’s safe and what’s not. But the age of Agentic AI — systems that perceive, reason, act, and learn — is forcing us to evolve beyond static defenses.

Snyk is thrilled to announce our partnership with Factory, which brings Snyk Studio directly into Droid workflows. AI agents, such as Factory’s Droids, can generate thousands of lines of code at incredible speed and are transforming modern software development. Yet every time a Factory Droid quickly ships a feature in minutes vs. days, refactors an entire module, and updates dependencies across a repo, it’s potentially introducing vulnerabilities at the same pace.

The way we build software has fundamentally changed. AI code assistants are no longer a novelty; they are the new standard, creating a revolutionary leap in developer productivity. Back in May, we launched Snyk Studio with a focus on our partners, creating an open framework to build a vibrant ecosystem for securing AI-driven development. Our goal was to ensure that as the AI landscape evolved, Snyk’s market-leading security intelligence could be embedded into any AI-native tool.

At Snyk, our mission has always been to empower developers to build secure applications without slowing down. The importance of a developer-first approach is even more critical with the proliferation of AI use and in the world of cloud-native development. This means rethinking container security. It’s no longer enough to just scan a Dockerfile or a finished image at a single point in time.

I’ve spent my career building and defending. I’ve seen the beauty of innovation and the brutality of cyber warfare. I’ve sat shoulder-to-shoulder with security engineers and platform teams in the trenches at 3AM responding to state-backed attacks where context and speed meant survival. In those moments, one truth becomes painfully clear: With AI, that gap just became a chasm. Agentic AI didn’t bend the rules of software — it rewrote them. Code now evolves in real time.

Company overview: Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. Champion / Spokesperson: Neil Tonkin, CTO Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. The company helps their global clients transform their business processes with bespoke and branded software platforms, applications, and cloud environments that help work flow more efficiently and effectively.

Today, Snyk is excited to announce a new partnership with Cognition that significantly advances security within the software development lifecycle, validating our "Secure at Inception" model. This collaboration introduces new integrations, Snyk for Devin and Snyk for Windsurf, which directly embed Snyk Studio's security intelligence into Cognition's AI-native developer tools.

We’re thrilled to announce that Snyk has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST)! This recognition, based on our vision and ability to execute, validates our core mission: to empower developers to build securely from the start while giving security teams complete visibility and comprehensive controls.