Snyk has expanded its AI Security Platform with the launch of Evo Agentic Development Security (ADS), a new capability designed to govern and secure autonomous AI agents increasingly responsible for enterprise software development.
Announced from Boston, the solution introduces a real-time enforcement layer embedded directly within AI-driven development workflows. It is aimed at addressing a growing gap in existing security models, which typically focus on scanning code after it is written rather than controlling the behaviour and inputs of the agents generating it.
The move reflects a broader shift in software engineering, where AI coding assistants are evolving into autonomous agents capable of invoking external tools, accessing internal systems and generating production-ready code with minimal human oversight. These agents often operate through integrations such as Model Context Protocol (MCP) servers, plugins and third-party tools, creating a complex and largely ungoverned attack surface.
Snyk said its anonymised telemetry from nearly 9,700 developer environments highlights the scale of the issue. Around 43% of developers are now running multiple AI coding environments simultaneously, while more than half have MCP servers installed. In some cases, environments included over 80 active MCP connections, enabling broad access to code repositories, browsers and enterprise systems without dedicated security controls.
The associated risks are already materialising. The company found that one in 12 developers using MCP servers had at least one high or critical security issue, while nearly a quarter had installed agent “skills” that may introduce vulnerabilities through external dependencies or unverified instructions.
Evo ADS seeks to address these risks through three core capabilities. First, it secures the agent supply chain by discovering and assessing external tools, MCP servers and dependencies before they are used. Second, it governs agent behaviour in real time, enforcing policies on what agents can access and execute, and blocking harmful actions before they occur. Third, it ensures trusted output by identifying and fixing vulnerabilities in AI-generated code at the point of creation.
“Autonomous agents have outpaced the security models designed to govern them,” said Manoj Nair, chief technology and innovation officer at Snyk. “The question is no longer whether your team is using AI agents, but whether you have a governance layer.”
Industry practitioners are already responding to the emerging threat landscape. Relay Network, which deploys multiple AI coding tools across its engineering teams, has integrated Snyk’s platform to enforce controls within its development workflows. The company cited risks including supply chain attacks, malicious agent skills and unregulated execution paths.
The launch also forms part of Snyk’s broader AI Security Fabric, which combines visibility, offensive testing and governance across the AI lifecycle—from development to deployment.










