Snyk introduces Evo, an agentic security orchestration system for AI-native applications. The platform is designed to help organizations manage the security of GenAI and agentic systems through coordinated agent actions.
The rise of agentic AI is creating a new landscape with non-deterministic applications and an unpredictable supply chain. Traditional security models are falling short, according to Snyk. Organizations are struggling with external attacks (e.g., prompt injection) and internal risks from “Shadow AI.”
“Security can’t just keep pace – it must lead the charge,” says Peter McKay, CEO of Snyk. “With Evo, we’re not just securing code – we’re architecting the trust that will unlock the full potential of tomorrow’s agentic systems for the modern enterprise.”
Evo operates according to the OODA loop (Observe, Orient, Decide, Act) framework used to train fighter pilots in military situations.
Evo orchestrates multiple security agents
The system can orchestrate multiple agents, automate agentic workflows, and proactively enforce governance throughout the AI development cycle. Teams can discover AI components, analyze contextual risks, prioritize actions, and set policies through a single interface.
The Workflow Agent acts as an intelligent coordinator. It combines multiple specialized Task Agents into powerful workflows from a single natural language prompt. The agent transcends all agent usage within an organization and orchestrates both Snyk and non-Snyk agents.
Companies can create and enforce security policies using natural language. The Policy Agent enables organizations to proactively manage governance for model usage, data access, and compliance.
Wide range of specialized agents
Snyk built several autonomous Task Agents for specific tasks. The Discovery Agent automatically maps all AI models, datasets, and MCPs. This provides a complete overview of AI usage within the organization.
The Secure by Design Threat Modeling Agent builds live AI threat models from code. It flags risks such as prompt injection with clear remediation paths. The Red Teaming Agent performs autonomous adversarial testing of models, agents, and applications.
The MCP Scan Agent provides full visibility into all MCP servers within developer environments. It monitors usage and enforces real-time guardrails. The AI Risk Registry Agent continuously evaluates AI component risks by analyzing security, compliance, and data controls.
Finally, the Reporting Agent generates customizable insights across all agents. This enables faster and more flexible AI security risk reporting.
Evo is now available in experimental preview for existing customers. Wider availability will follow in early 2026. Customers can sign up at evo.ai.snyk.io or apply to become a design partner.