Snyk has officially launched its entry into the rapidly evolving AI-powered penetration testing market with a new product, Evo Continuous Offensive Security (COS). This strategic move addresses what the company identifies as a critical gap in how enterprises currently discover and remediate vulnerabilities, particularly in an era increasingly defined by AI-generated code and sophisticated, autonomous attackers. Evo COS is positioned as a continuous, proactive security solution designed to augment and eventually supersede traditional, point-in-time penetration testing engagements.
The company unveiled Evo Continuous Offensive Security (COS) on Wednesday, presenting it as a continuous alternative to traditional pentesting engagements. These traditional methods, Snyk states, typically offer only about 15 days of coverage annually. This leaves an extensive 350-day window during which sophisticated, autonomous attackers can probe application surfaces with minimal detection. Manoj Nair, Snyk’s chief technology officer, emphasized the urgency of this shift in a statement: "The attacker side of this equation has already gone agentic – the question is whether you get there first." This highlights a perceived arms race where defensive strategies must rapidly adapt to offensive capabilities, especially as they become increasingly automated and intelligent.
The Widening Coverage Gap in Application Security
The timing of Snyk’s product launch aligns with a discernible market trend. According to the 2026 Latio Application Security Report, AI-powered penetration testing has emerged as the single most desired emerging capability among application security practitioners. This demand is further underscored by recent reporting from The New York Times, which highlighted "One Job That Is Growing in the A.I. Era? Cybersecurity Experts." An executive quoted in the article noted a dramatic acceleration in hiring: "Roles that typically come along every 12 months, we’re seeing those roles come along every week. I think it’s driven by fear and uncertainty in this A.I. arms race."
The fundamental reason for this accelerated demand is the rapid integration of AI into the software development lifecycle (SDLC). AI is now capable of generating code at a pace that outstrips the schedules of traditional testing methodologies. Furthermore, the vulnerabilities embedded within this AI-generated code are often more complex and elusive, proving difficult for conventional scanning tools to detect.
Janet Worthington, an analyst at Forrester Research, elaborated on this challenge in an interview with The New Stack. She explained that enterprises are actively compressing development cycles, moving from weeks to mere hours by leveraging AI coding agents. However, the applications produced by these agents are not immune to security flaws. They continue to harbor both classic vulnerabilities, such as cross-site scripting (XSS) and SQL injection, as well as novel, AI-specific threats like prompt injection, data leakage through model outputs, and privilege escalation attacks targeting AI systems. "AI-driven penetration testing is emerging as a critical solution," Worthington stated. "It is simulating real-world attacks to expose weaknesses at the speed and scale necessary to combat AI-driven attacks." This necessity drives the demand for security solutions that can keep pace with the accelerated development and the evolving threat landscape.
Distinguishing Vulnerability Classes in the AI Age
Nuno Loureiro, Senior Director of Product Strategy at Snyk, further elucidated the evolving nature of vulnerabilities in a blog post detailing the principles behind Evo COS. He draws a critical distinction between two primary classes of security flaws:
- Heuristic-Detectable Flaws: These are vulnerabilities such as SQL injection and XSS, which can be reliably identified through deterministic tools. These tools employ pattern matching and payload probing to detect known exploit patterns.
- Context-Dependent Vulnerabilities: This category includes more complex issues like authorization bypasses, business logic flaws, and chained exploits. These vulnerabilities can only be uncovered by understanding the intended functionality of an application and identifying ways to subvert that intent.
Historically, identifying this second class of vulnerabilities has heavily relied on the expertise of human penetration testers. Loureiro explains that no static rule or signature can inherently capture the nuanced concept of "intent." The vulnerability, in these cases, exists "in the gap between intended behavior and actual behavior."
However, Loureiro argues that the advancements in large language models (LLMs) have now enabled AI to cross this threshold. Because LLMs possess the capacity to reason about application context, they can now effectively exploit the very class of vulnerabilities that traditional scanners have historically overlooked. This capability is a cornerstone of Snyk’s approach to Evo COS.
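The two classes Loureiro describes can be made concrete with a small added example (constructed for this article, not Snyk's or Evo COS's code). A deterministic payload probe catches the string-concatenated SQL handler but returns nothing for the authorization flaw, because that handler is syntactically clean; only a check that encodes the intended rule ("a user may read only their own invoice") exposes the gap between intended and actual behavior. All handler and invoice names are hypothetical.

```python
# Constructed in-memory "application" with two read paths.
INVOICES = {
    "inv-1": {"owner": "alice", "amount": 120},
    "inv-2": {"owner": "bob", "amount": 80},
}

def build_query_concat(invoice_id):
    # Class 1 flaw: input concatenated into SQL, a known exploit pattern.
    return ("SELECT * FROM invoices WHERE id = '" + invoice_id + "'", ())

def build_query_param(invoice_id):
    # Fixed form: the value travels as a bound parameter, not as SQL text.
    return ("SELECT * FROM invoices WHERE id = ?", (invoice_id,))

def read_invoice_idor(user, invoice_id):
    # Class 2 flaw: no pattern to match; ownership is simply never checked.
    return INVOICES.get(invoice_id)

def read_invoice_fixed(user, invoice_id):
    inv = INVOICES.get(invoice_id)
    return inv if inv is not None and inv["owner"] == user else None

def heuristic_probe(build_query):
    """Deterministic check: send a canary payload and report whether it
    lands verbatim in the SQL text, i.e. the input was not parameterised."""
    canary = "x' OR '1'='1"
    sql, _params = build_query(canary)
    return canary in sql

def intent_check(read_invoice):
    """Intent-based check: exercises every (user, invoice) pair against the
    rule that only the owner may read an invoice. The rule comes from the
    specification, not from any signature in the code."""
    violations = []
    for inv_id, inv in INVOICES.items():
        for user in ["alice", "bob"]:          # fixed order for reproducibility
            if user != inv["owner"] and read_invoice(user, inv_id) is not None:
                violations.append((user, inv_id))
    return violations
```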
The Platform Advantage: Contextualizing Offensive Security
Snyk’s core competitive assertion is that the intelligent integration of context is what differentiates its AI-powered penetration testing from the myriad of point solutions entering the market. Evo COS is designed to ingest and analyze signals from across the entire Snyk platform. This includes data from existing Static Application Security Testing (SAST) findings, Software Composition Analysis (SCA) results, historical Dynamic Application Security Testing (DAST) scans, and asset inventories. This comprehensive intelligence is fed to the AI agent before it initiates any offensive actions. Consequently, the system begins its assessment from a position of existing knowledge about the application, rather than starting from scratch.
This architectural decision carries significant technical and economic implications. Standalone LLM approaches often consume substantial computational resources on brute-force payload enumeration, a task that deterministic scanning tools can perform more rapidly and cost-effectively. Snyk’s design intelligently leverages deterministic scanning for well-understood vulnerability classes, reserving the advanced reasoning capabilities of LLMs for more complex issues such as business logic flaws, authorization gaps, and the construction of sophisticated exploit chains – areas where the computational investment is demonstrably justified.
The Evo COS product also incorporates a feature Snyk terms "Agent Red Teaming." This capability is specifically designed to target the attack surface created by LLM-integrated applications themselves. It focuses on vulnerabilities such as prompt injection, data exfiltration through model outputs, and "jailbreaks" that can transform AI agents into unauthorized privileged actors. The system’s reconnaissance layer automatically detects LLM components within an application and triggers red teaming protocols when they are present. Snyk emphasizes the importance of this feature, noting that most security teams lack a clear inventory of where AI is deployed within their production environments.
A key differentiator in Evo COS’s output is its focus on delivering exploit chains rather than mere ranked lists of alerts. This approach demonstrates how seemingly disparate vulnerabilities, such as an authorization gap and a business logic flaw, can be chained together to form a high-impact attack path. This design choice was influenced in part by direct customer feedback. Colleen Carroll, senior director and information security officer at Emburse, commented on the value of this approach: "Security teams are drowning in isolated findings. What Snyk’s continuous offensive security gives you is the narrative – how vulnerabilities chain together, how an attacker actually thinks." This provides a more holistic and actionable view of risk.
Navigating a Crowded and Evolving Market
Snyk enters a competitive landscape that already includes several players offering continuous AI-powered penetration testing solutions. Notable competitors in this space include Aikido and Beagle Security, both of which focus on similar continuous testing methodologies. Other established application security vendors such as Checkmarx, Veracode, and PortSwigger are also actively developing and integrating AI capabilities into their offerings.
Analysts like Janet Worthington see Application Security Posture Management (ASPM) vendors as being particularly well-positioned to lead in the AI penetration testing race. These vendors have the inherent advantage of correlating offensive testing results with a broad spectrum of security data, including SAST, DAST, SCA, infrastructure-as-code scans, and cloud security findings. Their ability to apply business context to these findings allows for more accurate prioritization of remediation efforts based on actual risk. Worthington highlights automated pull requests that can fix vulnerabilities without introducing regressions as a key differentiator in this rapidly advancing field.
"In the world where new AI models are continuing to find more and more vulnerabilities, enterprises need to act before attackers do," Worthington advised The New Stack. This sentiment underscores the proactive nature required in modern cybersecurity strategies. Snyk’s move is likely not the last in this evolving category. Worthington anticipates that more application security vendors will integrate AI penetration testing capabilities into their portfolios as the market matures and best practices become more established.
Evo COS is currently in early access and has already undergone initial deployments with design partners in the financial services and enterprise technology sectors. Snyk has announced that general availability for the product is targeted for Black Hat USA in August 2026, indicating a strategic roadmap for broader market penetration. The company’s investment in this area signals a strong belief in the transformative potential of AI to redefine how organizations approach application security testing and risk management.
