Our CRO Tom Nielsen sat down with Kyle Alspach at CRN to talk about what's keeping security teams up at night: AI coding agents are shipping code faster than security teams can review it. That's not a future problem; it's the reality reshaping how enterprises think about risk right now. Partners embedded directly in customer environments are uniquely positioned to help govern AI-driven development at scale. Mark Thornberry, SVP of Partnerships at GuidePoint Security, joined the conversation and put it well: the big questions customers are asking right now are "How is AI being used? How can it impact my business? And what do I need to go do?" Read the full story here: https://lnkd.in/eMTy8brd
Snyk
Computer and Network Security
Boston, Massachusetts 115,185 followers
Trust AI at full speed.
About us
Snyk, the leader in secure AI software development, empowers organizations to build fast and stay secure by unleashing developer productivity and reducing business risk. The company’s AI Trust Platform seamlessly integrates into developer and security workflows to accelerate secure software delivery in the AI Era. Snyk delivers trusted, actionable insights and automated remediation, enabling modern organizations to innovate without limits. Snyk is redefining secure AI-driven software delivery for over 4,500 customers worldwide today. Snyk was named a Leader in the 2023 Gartner Magic Quadrant™ for Application Security Testing (AST) and in The Forrester Wave™: Software Composition Analysis (SCA) 2023, and has been recognized on the Forbes Cloud 100 2022 along with the 2023 CNBC Disruptor 50. For more information, visit https://snyk.io.
- Website
- https://snyk.io/platform
- Industry
- Computer and Network Security
- Company size
- 1,001-5,000 employees
- Headquarters
- Boston, Massachusetts
- Type
- Privately Held
Products
Snyk
Static Code Analysis Tools
Snyk is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Our solutions enable modern applications to be built securely — empowering developers to own and build security for the whole application, from code and open source to containers & cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice and verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix and merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as you write a Dockerfile, continuously monitor container images throughout their lifecycle and prioritize with context. Secure build & deployment pipelines: Integrate natively with your CI/CD, configure your rules, find and fix issues in your application.
Updates
-
Another day another critical compromise ‼️ Yesterday we published coverage of the AntV npm supply chain attack. Today, the same campaign appears to have reached PyPI. `durabletask`, a Microsoft-associated Python package for workflow orchestration, was found to contain a malicious payload acting as a dropper. It fetches a second-stage payload (`rope.pyz`) from an attacker-controlled server, then executes a full infostealer targeting cloud provider credentials, password managers, and developer tools. The same release also includes a worm component and a disk wiper. The credential harvesting runs on Linux systems only. Snyk has catalogued this under SNYK-PYTHON-DURABLETASK-16761538 and has the package health page updated. Snyk customers can review exposure through the “Active Security Incident Assessment for Antv Supply Chain Compromise - May 2026” Zero Day Report in-app. With ~103K weekly downloads, the direct blast radius of this specific compromise is relatively contained. That said, the pattern of a campaign progressively targeting higher-profile and more broadly trusted package ecosystems warrants attention. Full details and detection steps: https://lnkd.in/dJn2fAT8
-
Snyk reposted this
AI-native software changes the way we build. It also changes the way we think about security. This Thursday, Tessl and Snyk are hosting a Live Brunch & Learn on securing the next generation of AI-powered applications and agents.

We’ll dig into:
→ Building secure AI software without slowing teams down
→ Detecting malware payloads and credential mishandling before agents execute
→ What the future of AI security engineering looks like

📍 Join Dru Knox (Tessl) and Fred Oliveira (Snyk) this Thursday for good food, great conversations, and practical insights from teams shaping the future of AI engineering. 11:00 AM CEST | 10:00 AM BST

⏰ Today is the last day to sign up here → https://lnkd.in/eGGJwYuF
-
Snyk reposted this
"Security is always a team sport. The model companies need to figure out that's how security works. And they are." ⬅️ This line is the core message of my chat with Stephen Council for this piece in Business Insider. The model companies can't do security on their own. The good news is they know it. That's why they're partnering with established security leaders like Snyk.

The cybersecurity industry is changing daily because of these two giants, and I've been fortunate to work closely with leadership at both OpenAI and Anthropic. It leaves me feeling more confident than ever that the agentic era can become the era of secure at inception. A few things stand out to me:

1. Frontier capability is finally being paired with frontier responsibility. Anthropic's deliberate, partner-led approach with Mythos, and OpenAI's tiered Trusted Access framework around Daybreak, show that the model companies understand the dual-use stakes. But the reason those frameworks have teeth is the AppSec expertise, threat modeling, and remediation workflows that partners like Snyk bring to the table.
2. The center of gravity is shifting upstream. Security engineered with and for AI doesn't just help us find vulnerabilities faster; it collapses the cost, time, and complexity of remediation. That's the real unlock. MTTR goes from days to minutes when the agent becomes the system of execution.
3. But — and Jen Easterly has been saying this for years — we don't just have a cybersecurity problem. We have a software quality problem. Agents don't change that. Humans in the loop, judgment, and institutional discipline still matter. It’s what security leaders bring that frontier labs, on their own, cannot.

This is why Snyk is proud to partner with both OpenAI and Anthropic. It's a team sport. Defenders finally have a chance at an asymmetrical advantage and we are going to take it.

Read the full piece here: https://lnkd.in/eD_fH34D
-
300+ malicious package versions across 323 packages in a 22-minute automated burst 💥 The target: the AntV data visualization ecosystem. Packages like @antv/g2, @antv/g6, @antv/x6, echarts-for-react, and timeago.js collectively represent around 16 million downloads per week. The malware harvests AWS, GCP, Azure, GitHub, Kubernetes, Vault, and database credentials. It runs on npm install via a preinstall hook — no interaction required beyond a routine dependency update. This is the fifth wave of the Mini Shai-Hulud campaign, which TeamPCP has been running since September 2025. Each wave has been larger and more persistent than the last. If you use any @antv packages or related dependencies, check your lockfile for versions published today (May 19, 2026) between 01:39 and 02:18 UTC. Full technical breakdown, detection commands, and remediation steps: https://lnkd.in/ez_T-Jyc
-
Snyk reposted this
We're making great progress building out our EMEA Sales Team. We're still hiring for Account Directors and Account Executives in London, two fantastic opportunities to join our team.
-
Snyk is hitting the road for the most exciting soccer watch parties of the summer, and you're invited ⚽️🏆 We're rolling into 9 cities across North America to catch the world's biggest matches alongside the security pros defending the AI era. Grab your seat before they're gone: https://wc.snyk.io/
-
Snyk reposted this
We're in the midst of a mindset switch in which security teams are beginning to realize the importance of continuously clearing the backlog. With the rise of agentic development and faster-moving threat actors, it's not enough to focus only on the most important issues. You've got to tackle them all, meaning there's simply no time for a security bottleneck. Snyk Agent Fix is playing a massive role in clearing unresolved issues in customer backlogs. It stops the back-and-forth by giving developers AI-generated fixes right where they work, so they can merge quickly and get back to building. Seeing it handle the heavy lifting while ensuring the code doesn't break is a huge win for anyone trying to burn the backlog. Check out how it works ⬇️
-
Snyk reposted this
AI is changing how software gets built, and security teams are being forced to rethink how they secure developer and agentic workflows. Whether you are in Development, Security, or just interested in learning more about Snyk, come join me and the team on June 17th at Mutation Brewery in Sandy Springs.

We will be covering topics such as:
• AI-native AppSec
• Securing AI-generated code and agents
• Developer-first security at scale
• What teams are seeing in the real world

If you’re local, I would love to see you there:
WHERE: Mutation Brewery
WHEN: Wednesday, June 17th 3p - 5p
Registration Page: https://lnkd.in/eNesYbxc

Agenda
3:00 pm — Networking Happy Hour
3:30 pm — AI ‘Red Team’ Challenge
4:15 pm — Vibe Coding Battles
5:30 pm — Meetup Concludes

Not in Atlanta? We also have 7 other cities and 3 virtual sessions available: https://wc.snyk.io/

#AI #AppSec #DevSecOps #CyberSecurity #Snyk

cc: Michael Romano, Bob Wolff, Hayden Palozej