Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Years ago, we published the blog post, “Why do organizations trust Snyk to win the open source security battle?” which laid out the methodology and practices for building the Snyk Vulnerability Database.

Organizations waste enormous amounts of time chasing down security alerts that turn out to be nothing. Recent research from May 2025 shows that 70% of a security team's time is spent investigating alerts that are false positives, wasting massive amounts of time in the investigation rather than working on proactive security measures to improve organizational security posture.

AI coding assistants are transforming the way developers work. With a prompt and a click, entire blocks of logic appear, boilerplate fades into the background, and velocity shoots up. But as anyone who’s integrated these tools into their daily routine can tell you, increased speed can come with increased risk. Vulnerabilities sneak in. Fixes pile up. And somewhere in the blur, developer trust begins to erode.

Shipping software into the EU now comes with serious strings attached. The Cyber Resilience Act (CRA), in effect since December 2024, sets strict new rules for any company offering digital products or services in the region, whether you’re a local startup or a global platform. The regulation aims to improve cybersecurity across connected devices and cloud-based software.

AI is often compared to electricity, but without trust, it’s just a live wire. As organizations adopt AI to move faster, reduce manual effort, and push the boundaries of what’s possible, one truth is becoming clear: trust in AI isn’t optional. It’s foundational. And for software development teams, AI Trust is now the north star that guides safe, scalable innovation.

Many businesses are using AI to innovate and boost productivity. But to truly benefit from AI, you need to trust it. That's where the Snyk AI Trust Platform comes in. As we announced at the 2025 Snyk Launch, the Snyk AI Trust Platform is designed to unleash innovation, reduce business risk, and accelerate software delivery in the age of AI.

We’re happy to announce that Cursor has validated Snyk’s CLI MCP server and added Snyk to their curated set of MCP tools from official providers. At Snyk, we recognized early on that although AI assistants accelerate development, they can inadvertently introduce vulnerable patterns, leverage outdated libraries, or even code with known security flaws. In order to maintain the rapid iteration cycles that AI enables, developers need security to be as agile as AI itself.

Businesses are moving beyond AI experiments and proofs of concept. As we approach what IDC is predicting will be the “AI pivot years” of 2025-2026, organizations are prioritizing, planning, and building for scale. This shift includes AI agents — self-directed tools that automate tasks — as technology providers strive to simplify development workflows. Under the surface, AI systems expose an expanded threat landscape that spans the software development lifecycle (SDLC).

Snyk is delighted to announce a significant milestone for our customers and partners in the Asia-Pacific (APAC) region: the launch of a dedicated Snyk API & Web infrastructure instance, which is now available and hosted locally within the region. This investment addresses the critical needs of our growing customer base in the region, ensuring that they can benefit from our modern, developer-first DAST capabilities while meeting local data residency and compliance requirements.