Snyk today launched Evo Agentic Development Security (Evo ADS), a security layer built to police autonomous AI coding agents that increasingly build enterprise software without human oversight. The product governs the tools an agent pulls in, the actions it takes while running, and the code it generates - enforcing controls inside the agent's workflow rather than scanning output after the fact.
Evo ADS arrives as AI coding assistants have turned into autonomous agents that call external tools, take actions and connect to internal systems through Model Context Protocol (MCP) servers, plugins and third-party integrations. Conventional security tools scan code after it is written and have no view into those connections or into what an agent does at runtime.
Three-stage control inside the agent workflow
The product splits its controls across three stages. It vets the MCP servers, skills and external tools an agent uses before the agent touches them, monitors and enforces policy on what an agent does as it runs, and scans and fixes vulnerabilities in AI-generated code as it is created. "Ask a security leader for a complete inventory of the AI agents, MCP servers and skills running across their developer machines and in most organizations that inventory doesn't exist," said Manoj Nair, chief technology and innovation officer at Snyk. "That is the gap Evo ADS closes."
What Snyk found in developer environments
Snyk backed the launch with telemetry from nearly 9,700 developer environments. The data showed that 43% of developers run two or more AI coding environments at the same time, and more than half have MCP servers installed; the most heavily instrumented environment ran more than 80 MCP servers at once. One in 12 developers with MCP servers had a high or critical finding.
A separate look at early enterprise design partners found that nearly one in four developers had at least one agent skill installed, averaging 18 each, and more than one in 10 of those skills referenced external dependencies or externally hosted instructions. Snyk has also documented working attacks through the agent toolchain, including a poisoned security scanner that back-doored the LiteLLM library and prompt injection buried in dependencies that agents consume.
Platform context and early adoption
The launch rounds out the Snyk AI Security Platform, which now spans Evo AI-SPM for visibility into AI assets and Evo Continuous Offensive Security for simulated attacks. Among early users is Relay Network LLC, whose engineering teams run GitHub Copilot, Codex and Windsurf and are moving to Claude Code as their primary coding assistant. Evo ADS was timed to the AI Engineer World's Fair, where Snyk is the exclusive sponsor of the event's first security track. General availability is scheduled for June 29.
Why this matters for IT and Development
Autonomous coding agents are pulling in tools, skills and dependencies that most security teams cannot see, let alone govern. Evo ADS gives development and security leaders a way to enforce policy at the agent level before code reaches a repository. For teams already running multiple AI coding environments and MCP servers, the ability to inventory and control those components directly inside the agent workflow closes a blind spot that conventional SAST and DAST tools were never built to address.