Snyk unveiled Evo AI-SPM at RSAC 2026 to govern autonomous coding agents and address governance and security gaps in AI-powered development.

Early access results from WEX demonstrate rapid visibility into AI components, underscoring the platform’s practical value for organizations starting from scratch.

Traditional governance tools fail to enforce policies in real time as models, tools, and agents evolve, leading to untracked components and hidden production access.

Snyk stresses the need for dynamic verification beyond static checks, incorporating environment context, agent capabilities, and runtime testing to audit outputs.

Agent ecosystems introduce risks through MCP servers and agent skills, with a sizable share of skills registries containing security issues or malware.

The goal is real-time visibility into AI components and policy compliance, addressing the broader software supply chain governance challenge posed by agentic architectures.

Evo AI-SPM and API/Web testing are generally available; Agent Scan and Agent Red Teaming are in open preview; Agent Guard is in private preview.

AI-generated code exhibits higher defect rates and security vulnerabilities than human-written code, with problems clustering in business logic and authorization areas.

Evo AI-SPM is built around three automated agents: Discovery Agent (live AI Bill of Materials), Risk Intelligence Agent (security context and vulnerability signals), and Policy Agent (machine-enforceable guardrails in CI pipelines).

Snyk opened a San Francisco innovation hub to embed in the AI development ecosystem and foster broader collaboration.

While the AI-SPM category is crowded, the core problem—visibility and enforceable governance of autonomous coding agents—remains real and critical.