Snyk Betting on AI Engineers
Snyk
This bet is really about moving Snyk closer to the point where AI made software gets created, not just where normal code gets reviewed later. AI engineers generate more code, test more ideas, and spin up more agents and model connections, which creates more chances for insecure packages, unsafe prompts, exposed secrets, and risky tool use. That makes security products that rank and fix issues inside AI workflows more valuable than tools built mainly for slower, human written development.
-
Snyk already has evidence that AI aligned products are where growth is coming from. Snyk Code crossed $100M ARR in 2024 and reached roughly 40% of total ARR by February 2026, helping offset weakness in the older open source scanning business. The AI engineer push follows the part of the portfolio that is still gaining share inside accounts.
-
The buyer workflow is changing. Instead of only scanning repos after a pull request, newer products sit inside Cursor, Copilot, Claude, and MCP based agent workflows, warning on risky code as it is generated. Endor Labs does this with AURI, and Semgrep added an MCP server so assistants can scan code in real time. Snyk bought Invariant Labs to cover agent and model level threats in the same shift.
-
This also changes who controls budget. Traditional developer security often sold into AppSec teams. AI security can attach to platform engineering, cloud, and emerging AI infrastructure budgets because it covers model behavior, agent tool access, and security noise from much higher code volume. That is why this is a TAM expansion move, not just a messaging tweak.
The next step is a race to become the default safety layer inside AI coding and agent systems. If Snyk can make its AI Trust Platform, Invariant Labs technology, and developer workflow integrations feel like one always on guardrail, it can grow beyond classic AppSec and sell into the new operating stack that AI engineering teams are building now.