Snyk

Security, compliance, and counsel tend to go hand-in-hand, especially ion the era of agentic AI adoption 👾 Our Legal Director, Kathryn "Kate" Helin, joined the Future of Data Security podcast to discuss governing agentic AI before the regulatory guidance catches up. Read her thoughts and and listen to the full conversation here: https://lnkd.in/eCp7qmdA

AI agents don't execute traditional code — they consume skills written in natural language. And that changes everything about how attacks work. Snyk's recent research shows 36% of public AI skills contain prompt injections. A simple markdown file can be enough to redirect an agent, steal data, or execute actions no one intended. This is the agent skill supply chain problem. And it's moving faster than most teams realise. For the May edition of our Brunch & Learn series, we're partnering with Tessl to show exactly what defending this looks like in practice. ❓ Snyk × Tessl | Securing the Agent Skill Supply Chain 📅 Thursday, 21st May | 10:00 AM BST In 45 minutes, Krzysztof Huszcza and Dru Knox will walk through how Snyk security intelligence is now embedded directly in the Tessl Registry — making every skill vettable before an agent ever runs it. → Register for you spot now: https://lnkd.in/eAwA2BSm #AIAgents #AgentSecurity #DevSecOps

What even is Shadow AI? Watch below to find out 🤖

🎙️ New talk alert!  Toxic Flows: When your agent skill becomes a supply chain attack. AI agents are getting things done. The problem? They're also great at following instructions they were never meant to receive. There's a class of attack where the exploit is written in plain English, hides in a markdown file, and your entire security stack walks right past it. No CVE. No patch. Just an agent doing exactly what it was told. Joining The Register tomorrow to talk about what this looks like in practice and what you can actually do about it. Link. https://lnkd.in/eVCsHYYj Snyk #security #cybersecurity #AI

Join Snyk, Qodo, and Google Cloud for a Boston Tech Week meet-up focused on how engineering teams are shipping AI-driven code at speed without sacrificing quality or security. Speakers from Google Cloud , Qodo, and Snyk will dig into how leading engineering teams are setting guardrails for AI-generated code, embedding quality and security gates early in the SDLC, and automatically remediating vulnerabilities before they ever reach production. Save your spot 👉 https://lnkd.in/gqKgK3NU

Did you hear about the massive 42-package critical TanStack compromise? 👀 Attackers hijacked TanStack's legitimate release pipeline mid-workflow, extracted a trusted OIDC token from runner memory, and published malicious packages with valid SLSA provenance. The worm then self-propagated to Mistral AI, UiPath, and dozens more using stolen npm identities. Swipe through to see all the compromised packages, then read the full breakdown here: https://lnkd.in/eK_dQhuD

Looks like it’s gonna be a stadium Summer for me ⚽️🩵 Your girl’s been busy getting into shape to bring the #SnykConnect community together across the US and Canada for a series of meetups and watch parties you won’t want to miss!! These Community Jams will have live hacking & head-to-head #AISec challenges, stadium-style eats, and giveaways worthy of a champion 🏆 Whether you’re a die-hard dev or just in it for the vibes, the Snyk Fan Zone is all about leveling up your security's defensive game. So many cities, so little time: https://wc.snyk.io/

Snyk and Claude Code are better together. That’s why we’re embedding Anthropic's models into the Snyk AI Security Platform! See what it looks like in action below ⬇️ Check out the press release here: https://lnkd.in/ew8KNUdE

We’re on the up-and-up in Lisbon 🚋 🇵🇹 and there’s never been a better time to join the team at Snyk. View our open roles here: https://lnkd.in/e9HUYmBW

Attackers aren’t just using AI; they’re weaponizing it. To stay ahead, defenders need speed and precision. We’re proud to be featured in OpenAI’s latest announcement. Manoj Nair, our Chief Innovation Officer, highlighting how Snyk is leveraging GPT-5.5 and Trusted Access for Cyber to secure the global software supply chain. Together, we’re stopping malicious code and vulnerable dependencies before they ever reach production. Read their full update here: https://lnkd.in/d3VwBwr4