AI is shipping code faster than security was built to handle
Snyk enters the AI-powered penetration testing market with Evo Continuous Offensive Security (COS), addressing the vulnerability gap created by AI-generated code and agentic attackers. The product offers continuous testing rather than the roughly 15 days of annual coverage typical of traditional engagements, and it uses platform context to find both classic and AI-specific flaws.
Snyk has entered the AI-powered penetration testing market with a new product it says addresses the gap in how enterprises find and fix vulnerabilities in an era of AI-generated code and agentic attackers.
The company unveiled Evo Continuous Offensive Security (COS) on Wednesday, positioning it as a continuous alternative to traditional pentesting engagements that average 15 days of coverage per year — leaving a 350-day window during which autonomous attackers can probe application surfaces unimpeded, the company says.
“The attacker side of this equation has already gone agentic — the question is whether you get there first,” said Manoj Nair, Snyk’s chief technology officer, in a statement.
The coverage gap
The timing reflects a broader market shift. According to the 2026 Latio Application Security Report, AI pentesting is now the single most desired emerging capability among application security practitioners. Moreover, The New York Times recently reported that “One Job That Is Growing in the A.I. Era? Cybersecurity Experts.” Indeed, in the article, a headhunter says: “Roles that typically come along every 12 months, we’re seeing those roles come along every week. I think it’s driven by fear and uncertainty in this A.I. arms race.”
The reason is straightforward. AI is shipping code faster than testing schedules were designed to handle, and the vulnerabilities that code carries are increasingly difficult to catch with traditional scanning tools.
Janet Worthington, an analyst at Forrester Research, tells The New Stack that enterprises are compressing development cycles from weeks to hours using AI coding agents, but the applications those agents produce still carry both classic flaws — cross-site scripting, SQL injection, exposed secrets — and AI-specific threats including prompt injection, data leakage, and privilege escalation.
“AI-driven penetration testing is emerging as a critical solution,” Worthington says. “[It is] simulating real-world attacks to expose weaknesses at the speed and scale necessary to combat AI-driven attacks.”
Two classes of vulnerability
In a blog post, Nuno Loureiro, Senior Director of Product Strategy at Snyk, draws a distinction between two classes of vulnerability. The first — heuristic-detectable flaws like SQL injection and XSS — yields reliably to deterministic tools via pattern matching and payload probing. The second class is context-dependent: authorization bypasses, business logic flaws, and chained exploits that can only be found by understanding what an application is actually meant to do, and whether that intent can be subverted.
That second category has historically required human pentesters because no rule or signature can capture intent, Loureiro notes.
“The vulnerability lives in the gap between intended behavior and actual behavior,” Loureiro writes in the post.
His argument is that large language models have now crossed that threshold. Because LLMs can reason about application context, they can exploit a class of vulnerabilities that scanners have always missed.
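As an added illustration of the distinction drawn above (example code, not from the article or from Snyk), the following Python sketch contrasts the two classes. A toy pattern rule catches SQL built by string concatenation, because the defect is visible in the code's shape. An authorization gap in an otherwise clean, parameterised handler is invisible to that rule; it only surfaces when the handler is tested against intent ("a user may read only their own invoices"). The invoice table, the user names and the regex are constructed for the example.

```python
"""Two vulnerability classes side by side (added example, not Snyk's code).

Class 1: heuristic-detectable (string-built SQL) -- a pattern rule finds it.
Class 2: context-dependent (missing ownership check) -- the code is clean,
so only a test that encodes intended behaviour reveals it.
"""
import inspect
import re
import sqlite3


def build_db():
    """Constructed sample state: an in-memory SQLite invoice table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, amount REAL)"
    )
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "alice", 120.0), (2, "bob", 980.0)],
    )
    conn.commit()
    return conn


# ---- Class 1: the defect is visible in the code's shape -------------------
def find_invoice_unsafe(conn, invoice_id):
    # Builds SQL by string concatenation: the shape a SAST rule can flag.
    query = "SELECT id, owner, amount FROM invoices WHERE id = " + str(invoice_id)
    return conn.execute(query).fetchone()


def find_invoice_safe(conn, invoice_id):
    # Parameterised query: data never becomes part of the SQL text.
    return conn.execute(
        "SELECT id, owner, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


# Toy SAST rule (constructed): a SQL string literal followed by '+'.
SQL_CONCAT = re.compile(r'"\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+')


def scan_for_sql_concat(source):
    """Return 1-based line numbers in `source` where SQL is concatenated."""
    return [
        i for i, line in enumerate(source.splitlines(), 1) if SQL_CONCAT.search(line)
    ]


# ---- Class 2: both handlers are syntactically clean ------------------------
def get_invoice_idor(conn, current_user, invoice_id):
    # Uses the safe query, yet never checks that current_user owns the row.
    return find_invoice_safe(conn, invoice_id)


def get_invoice_authorized(conn, current_user, invoice_id):
    # Same query, plus the ownership check the application intends.
    row = find_invoice_safe(conn, invoice_id)
    if row is None or row[1] != current_user:
        return None
    return row


def authorization_check(handler, conn):
    """Intent-based test: bob must not be able to read alice's invoice (id 1)."""
    leaked = handler(conn, "bob", 1)
    return leaked is None


def demo():
    """Run the pattern rule and the intent test over both handler styles."""
    conn = build_db()
    return {
        # The pattern rule flags the concatenated query ...
        "sast_flags_unsafe": scan_for_sql_concat(inspect.getsource(find_invoice_unsafe)),
        # ... but has nothing to say about the authorization gap.
        "sast_flags_idor": scan_for_sql_concat(inspect.getsource(get_invoice_idor)),
        # Only the intent test separates the two handlers.
        "idor_passes_authz": authorization_check(get_invoice_idor, conn),
        "fixed_passes_authz": authorization_check(get_invoice_authorized, conn),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of `demo()` is the asymmetry: the rule-based scan returns a hit for the concatenated query and an empty list for the authorization flaw, while the intent test fails the unchecked handler and passes the corrected one. That gap, between a handler that is valid code and a handler that does what the application means, is the class the article says has historically needed a human reading the application's purpose.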
The platform argument
Snyk’s central competitive claim is that context is what separates production-grade AI pentesting from the point solutions flooding the market. Evo COS ingests signals from across the Snyk platform — existing Static Application Security Testing (SAST) findings, software composition analysis results, prior Dynamic Application Security Testing (DAST) scans, asset inventories — and feeds that intelligence to the AI agent before it sends a single request. The system starts from what Snyk already knows about an application rather than from scratch.
That architectural choice has economic implications as well as technical ones. Pure LLM approaches burn frontier-model compute on brute-force payload enumeration, which deterministic scanning handles faster and more cheaply. Snyk’s design uses deterministic scanning for well-understood vulnerability classes and reserves LLM reasoning for business logic flaws, authorization gaps, and exploit chain construction — where the compute investment is justified.
The product also includes what Snyk calls Agent Red Teaming, targeting the attack surface created by LLM-integrated applications themselves: prompt injection, data exfiltration through model outputs, and jailbreaks that turn AI agents into privileged actors. The system’s recon layer detects LLM components automatically and triggers red teaming when they’re present, which Snyk argues matters because most security teams lack a clear inventory of where AI is running in their production environments.
Output is delivered as exploit chains rather than ranked alert lists — showing how an authorization gap and a logic flaw combine into a high-impact attack path — a design choice driven in part by customer feedback.
“Security teams are drowning in isolated findings,” says Colleen Carroll, senior director and information security officer at Emburse, in a statement. “What Snyk’s continuous offensive security gives you is the narrative — how vulnerabilities chain together, how an attacker actually thinks.”
A crowded market
Snyk’s competitors in this space are many, including Aikido and Beagle Security, which offer continuous AI-powered pentesting. Other competitors include Checkmarx, Veracode, and PortSwigger.
Worthington sees Application Security Posture Management vendors as particularly well-positioned in the AI pentesting race, given their ability to correlate offensive testing results with SAST, DAST, Software Composition Analysis, infrastructure-as-code scans, and cloud security findings — and apply business context to prioritize remediation by actual risk. The differentiator she singles out is automated pull requests that fix vulnerabilities without introducing regressions.
“In the world where Mythos-preview is continuing to find more and more vulnerabilities, enterprises need to act before attackers do,” she tells The New Stack.
Snyk’s move is unlikely to be the last. Worthington says she expects more application security vendors to add AI pentesting to their portfolios as the category matures.
Evo COS is now in early access and has already been deployed with design partners in financial services and enterprise technology. General availability is targeted for Black Hat USA in August 2026, the company says.
The post AI is shipping code faster than security was built to handle appeared first on The New Stack.