Snyk (@snyksec) / X

Snyk

13.1K posts

Snyk

@snyksec

Trust AI at full speed with Snyk. System status: snyk.statuspage.io

🌍 Global

Joined May 2015

Pinned
Snyk
@snyksec
Feb 3
AI is writing code at machine speed. Now, your security can close the gap with the Snyk AI Security Fabric. Learn more about the industry’s first security layer for continuous defense across the entire SLDC here 👉 snyk.io/news/snyk-ai-s…
00:00
7.3K
Snyk
@snyksec
11h
Untrusted inputs. Unbounded actions. Unverified output. That's the AI workforce risk no one was governing…until now. See Evo Agentic Development Security in action below. Full announcement here: snyk.io/news/snyk-laun…
00:00
304
Snyk reposted
Liran Tal
@liran_tal
15h
Color me excited for @snyksec's new mission on Agentic Development Security It's an enforcement layer that operates inside the agent execution loop across three layers: 1. securing the agent supply chain before agents interact with it 2. governing agent behavior at runtime 3.
622
Snyk
@snyksec
17h
A year ago, a developer wrote your code. Six months ago, a developer with an AI assistant. Today? An AI agent...autonomously…and nobody is watching. Evo Agentic Development Security changes that. snyk.io/news/snyk-laun…
00:00
502
Snyk reposted
AI Security Engineers
@aiseceng
Jun 22
Munich AI Builders 🤖 AI agents don't just generate text — they use tools, call APIs & make decisions. @chrfritz from @qaware is breaking down SAIF 2.0 & the new attack vectors this creates. July 2, Munich 🔒 👉
AI Security Night Munich · Luma
From luma.com
263
Snyk
@snyksec
Jun 22
Every generation has its fire. Ours is AI. The question has never been whether to use it — it's how you contain it. Evo is how you secure the burn.
00:00
577
Snyk reposted
AI Security Engineers
@aiseceng
Jun 22
Dallas AI hackers! Your city, your stage—We're sponsoring you to lead an AI Security Meetup and inspire your friends. bit.ly/4cxAE81
280
Snyk
@snyksec
Jun 18
That's a wrap on AWS Summit NYC. 🗽 The theme was impossible to miss: agents are writing more of the code, and they're writing it fast. Every conversation at our booth circled the same question — who's securing what the agents ship? That's exactly what we came to show. Evo by
543
Snyk
@snyksec
Jun 18
Open source maintainers keep the internet running. Most do it for free, alone, and without enterprise security tooling 🥵 That's what the @Snyk Secure Developer Program is for. Qualifying maintainers get the full Snyk AI Security Platform (the same platform Fortune 500s pay
GIF
443
Snyk
@snyksec
Jun 17
Snyk is architecting a comprehensive AI security experience at the first-ever AI Security track at AI Engineer World's Fair. We've brought together speakers from NVIDIA, Anthropic, dbt Labs, Keycard, Accenture, Form3, and The Carlyle Group to architect sessions around one core
378
Snyk
@snyksec
Jun 17
😮 A dormant contributor's npm account nobody bothered to revoke just got the entire @mastra scope trojanized. 140+ packages, ~4M monthly downloads on @mastra/core alone, all carrying a fake "easy-day-js" dependency that drops a crypto-wallet stealer on install. Kudos to the
snyk.io
Mastra npm Scope Takeover | Snyk
A dormant contributor account was used to republish the entire @mastra npm scope (more than 100 packages), each injected with a single dependency, easy-day-js, that drops a cross-platform cryptocur...
1.3K
Snyk
@snyksec
Jun 17
🚨 BREKAING: Mastra npm package compromise On June 17, 2026, an attacker republished the entire @mastra npm scope. 140+ packages, including @mastra/core, all trojanized in a single overnight burst The way in wasn't a clever exploit. It was a former contributor's account whose
3.6K
Snyk
@snyksec
Jun 17
Replying to @snyksec
4/ easy-day-js poses as dayjs, but its postinstall hook is a dropper: it switches off TLS verification, pulls a second stage from a raw IP, and runs a cross-platform crypto-wallet stealer + RAT in the background, then deletes itself. MetaMask, Phantom, Coinbase Wallet, and more.
341
Snyk
@snyksec
Jun 17
5/ The good news: Mastra's source was never touched (poison was injected at publish time) and clean versions are already out. Check now: npm ls easy-day-js If it's there, treat the host as compromised: rotate creds, move wallets, upgrade clean. Full breakdown 👇
snyk.io
Mastra npm Scope Takeover | Snyk
A dormant contributor account was used to republish the entire @mastra npm scope (more than 100 packages), each injected with a single dependency, easy-day-js, that drops a cross-platform cryptocur...
244
Snyk reposted
AI Security Engineers
@aiseceng
Jun 11
Join our new Miami AI Security Meetup 🚀 June 13. @_clarkio, @snyksec breaks down Rules, Skills, Hooks & MCP—and how to use them safely, with @rodsoto hosting the meetup
AI Security Meetup with Hack Miami, Sat, Jun 13, 2026, 3:00 PM | Meetup
From meetup.com
711