Snyk Launches New Agentic Security Orchestration System

Snyk, an AI security company, recently announced the launch of a new agentic security orchestration system for securing AI-native applications and tools, including GenAI and agentic.

Evo by Snyk is a “guide and autonomous teammate” meant to deploy intelligent orchestration, automation, and proactive governance to master security complexities of the agentic enterprise.

The solution integrates with and builds upon the Snyk AI Security Platform, providing enterprises with a unified, agentic experience to discover, test, govern, and protect AI systems across the entire software development lifecycle (SDLC).

“This is a watershed moment for the secure use of AI. The advent of AI native applications marks a fundamental paradigm shift in how software is created,” said Peter McKay, CEO of Snyk. “Security can’t just keep pace — it must lead the charge. With Evo, we’re not just securing code — we’re architecting the trust that will unlock the full potential of tomorrow’s agentic systems for the modern enterprise.”

Evo by Snyk’s capabilities

Evo enables security teams to continuously neutralize novel AI threats with speed and precision.

It follows the Observe, Orient, Decide, Act (OODA) framework, used to train fighter pilots. It helps security teams:

• Observe their organization’s AI usage to gain complete visibility into all tools and models in play.
• Orient to AI risks by analyzing and synthesizing threats with advanced threat modeling and red teaming agents.
• Decide on the right actions to address identified risks by creating clear policies. 
• Act with confidence by automatically generating fixes, creating tickets, and deploying runtime agents that enforce strong security guardrails.

“Security is very difficult to control because that also means that the traditional rules-based approach doesn’t work — [AI] doesn’t behave the same way,” said Snyk CIO Manoj Nair in an interview with Channel Insider. “One of our customers described it best to me: It’s like taking a cat on a leash for a walk — it’s not going to walk the same line twice. So, securing them really required us to think differently.”

Among the key features of the solution are:

• Intelligent Agent Orchestration: Utilizing a Workflow Agent that acts as an intelligent coordinator, the solution seamlessly combines multiple specialized Task Agents into automated workflows from a single natural language prompt. The Agent transcends all agent usage across an enterprise, orchestrating both Snyk and non-Snyk agents.
• Autonomous Task Agents: A broad range of specialized Snyk agents secure every stage of the AI lifecycle. The agents include:
  • Discovery Agent: Automatically maps all AI models, APIs, and dependencies to provide a complete view of AI usage.
  • Threat Modeling Agent: Automatically builds live AI threat models from code and flags risks, such as prompt injection, with clear remediation paths.
  • Red Teaming Agent: Runs autonomous adversarial testing of models, agents, and applications via an engine for LLM-native application scanning.
  • MCP Scan Agent: Gives full visibility into all MCP servers in developer environments, leveraging Snyk’s pioneering MCP research to monitor usage and enforce real-time guardrails.
  • AI Risk Registry Agent: This agent continuously evaluates and scores AI component risk, analyzing security, compliance, and data controls to ensure only trusted models and MCP servers are deployed.
  • Policy Agent: Defines and enforces executable AI security guardrails for model use, data access, and compliance.
  • Fix Agent: Automatically resolves AI security issues through direct remediation or by initiating pull requests.
• Natural Language Policy Creation: This policy agent enables teams to proactively create and enforce security policies using natural language to govern the use of AI in development and runtime applications.
• Comprehensive Reporting: This reporting agent generates customizable insights across all agents, enabling faster and more flexible AI security risk reporting.

“This inspiration came from the OODA loop that fighter jet pilots are trained on,” Nair explained. “They’re getting a lot of data coming at them. They have a lot of very intelligent systems, but the training and the systems allow you to move very fast in this observatory and detect the act. That’s what’s very unique about our approach to agentic orchestration for security purposes.”

Nair called this solution a great opportunity for value-added resellers (VARs) and MSPs, saying that from an AI readiness perspective, it gives them an opportunity to explain to customers the amount of visibility they can attain — to know what they have and what is being built inside the environment.

“Taking customers through that maturity journey is something that we make very easy to light up and show you,” said Nair. “Here’s all the AI tools and the AI models and agents that might be being built in the team, but then using that kind of data to have a proper AI readiness journey mapping all that. AI security engineers is the other area that they’re looking at as an opportunity.”

Evo by Snyk is currently available in experimental preview for customers, with broader availability in early 2026.

In an earlier move to boost agentic AI security work, Snyk recently acquired Invariant Labs to enhance its AI Trust Platform. Learn more about this acquisition and how it will help the company boost defenses for AI-native software threats.