March 2026 Summaries
11 posts from Snyk
Filter
Month:
Year:
Post Summaries
Back to Blog
On March 31, 2026, two compromised versions of the popular JavaScript HTTP client library axios were briefly published on npm, exposing users to a severe security risk. These versions (1.14.1 and 0.30.4) included a hidden dependency that installed a cross-platform remote access trojan (RAT) on machines that used npm install during a specific two-hour window, potentially compromising CI/CD pipelines, developer environments, or build systems without any direct interaction with the Axios code itself. The attack originated from a hijacked npm maintainer account, which allowed the attacker to publish the malicious versions directly, bypassing typical safeguards against rogue packages. The RAT was designed to operate on macOS, Windows, and Linux platforms, executing commands and accessing system data. The malicious versions were swiftly removed from npm, but the incident highlights critical vulnerabilities in supply chain security, emphasizing the need for robust dependency management practices like lockfile enforcement and postinstall script auditing. The attack underscores the broader risks associated with maintainer account security and the implicit trust placed in widely used open-source packages.
Mar 30, 2026
1,910 words in the original blog post.
In the rapidly evolving landscape of AI-driven development, Snyk emphasizes the importance of a superior Developer Experience (DX) as crucial for securely harnessing AI innovation. This approach involves integrating security tools directly into developers' existing workflows, such as IDEs and pull request processes, to minimize context switching and enhance adoption. By presenting security information in a developer-friendly language and focusing on actionable resolutions rather than mere detection, Snyk aims to streamline the vulnerability management process. The company prioritizes clarity by distinguishing essential information from noise and provides AI-generated fix suggestions with plain-English explanations to build trust and understanding among developers. This commitment to enhancing DX is guided by principles that ensure security remains a facilitating factor rather than an obstacle as AI and human developers collaborate more closely.
Mar 26, 2026
1,402 words in the original blog post.
Snyk has launched Evo AI-SPM, the first operational layer of its AI Security Fabric, providing a system of record for AI risk by discovering AI models, frameworks, datasets, and agent infrastructures within code. This tool uncovers "Shadow AI" components hidden in repositories and developer environments, allowing them to be governed and assessed for security. Evo Agent Red Teaming automates adversarial testing by simulating attacks on AI endpoints to evaluate their security, focusing on scenarios like prompt manipulation and sensitive data exposure. The system provides structured findings that align with industry standards, enabling teams to understand vulnerabilities and demonstrate compliance. Evo's security lifecycle includes discovering AI assets, assessing their risk, testing under adversarial conditions, and feeding results into governance and remediation, offering a continuous validation cycle rather than isolated tools. This approach addresses the unique challenges of AI systems, which are prompt-driven, contextual, and non-deterministic, creating new attack surfaces that traditional security tools cannot effectively cover. Evo Agent Red Teaming integrates into developer workflows, allowing continuous security validation through local runs or CI/CD pipelines, thus making AI security testing part of everyday development rather than sporadic audits.
Mar 25, 2026
923 words in the original blog post.
On March 24, 2026, two versions of the litellm Python package published on PyPI were discovered to contain malicious code, attributed to the threat actor TeamPCP. These versions, 1.82.7 and 1.82.8, were uploaded after the attackers obtained the package maintainer's credentials through a previous compromise involving Trivy, a security scanner in LiteLLM's CI/CD pipeline. The packages included a three-stage payload designed for credential harvesting, encrypted exfiltration, and persistent backdoor installation, with the capability to spread through Kubernetes environments. The attack was quickly detected when a developer noticed system unresponsiveness due to a fork bomb caused by the malicious code. The compromised packages, which were available for about three hours before removal, prompted widespread community alerts and discussions, with affected projects taking immediate security measures. Snyk, a security management company, has been tracking the incident and providing updates, highlighting the broader pattern of targeting tools with elevated access in automated pipelines.
Mar 24, 2026
2,635 words in the original blog post.
Snyk introduces Agent Security and Evo AI-SPM to address the challenges of managing AI risks in organizations, particularly focusing on the lifecycle of AI agents from code to runtime. The article highlights the issue of "Shadow AI," where AI components are integrated into applications without centralized oversight, creating visibility and governance gaps. Evo AI-SPM provides a foundational system for tracking AI components, offering risk intelligence and enabling organizations to enforce governance policies across development workflows before reaching production. As AI agents increasingly automate software development and operations, Snyk's approach integrates security into CI/CD pipelines, monitors agent behavior, and enforces policies in real-time to prevent unsafe actions. The solution aims to provide comprehensive visibility and control over AI usage, ensuring that organizations can assess and mitigate risks effectively as these technologies become more embedded in modern software systems.
Mar 23, 2026
1,274 words in the original blog post.
The rapid advancement of AI-driven development has outpaced traditional security testing methods, necessitating a reevaluation of how Dynamic Security Testing (DAST) and Static Application Security Testing (SAST) work together. While static analysis tools have evolved to incorporate machine learning and semantic reasoning, allowing them to identify complex logic flaws directly from source code, they still cannot fully capture vulnerabilities that emerge from the interactions of distributed systems, such as microservices and AI agents. Dynamic Security Testing, on the other hand, can validate these vulnerabilities in live environments by assessing the interactions between components, highlighting the complementarity of DAST and AI-driven pentesting tools. As the industry moves towards integrating code-level intelligence with dynamic testing—often referred to as "grey-box" testing—security programs are expected to become more robust, offering precise insights into both the exploitability of vulnerabilities at runtime and their origins in the code. This convergence signifies a shift from using DAST as a compliance tool to a critical component of comprehensive security strategies in the AI era, bridging the gap between potential vulnerabilities identified by code analysis and those that are truly exploitable.
Mar 20, 2026
1,427 words in the original blog post.
The text highlights the challenges and implications of AI-generated code and AI agents on software security, emphasizing the need for dynamic testing to address security vulnerabilities effectively. It points out that while AI coding assistants significantly speed up development, they also produce code that is often insecure or exploitable, necessitating a shift in how testing is conducted. Static analysis tools, although useful, are insufficient to guarantee security in this fast-paced environment. The emergence of AI agents introduces a new attack surface, as they autonomously invoke APIs, often leading to access control failures. The text argues that traditional security processes are not equipped to handle the pace at which AI-generated code is produced, advocating for AI-powered dynamic testing that can distinguish genuine threats from false positives. This approach should correlate static and dynamic findings to provide high-confidence fixes, allowing developers to address security issues efficiently and confidently. The document also underscores the importance of continuous testing and API discovery in adapting to the evolving landscape of AI-driven software development, framing these practices as essential rather than optional in the modern era.
Mar 19, 2026
1,500 words in the original blog post.
Snyk is establishing a new hub in downtown San Francisco to focus on AI security, aiming to integrate security into AI development from the outset rather than as an afterthought. This move is strategically aligned with the concentration of AI innovators in the area, including partners like Anthropic, Cursor, Cognition, Arcade.dev, and Factory. The hub is intended to function as a collaborative space for AI engineers, offering technical sessions and hackathons to foster a culture where security is embedded in the DNA of AI projects. As the AI industry matures, Snyk emphasizes the importance of building AI applications with security integrated at every level, marking a shift towards proactive security measures that support scalable and innovative development. The company seeks to anchor the security layer within the rapidly evolving AI ecosystem and invites collaboration from AI developers both in San Francisco and globally.
Mar 18, 2026
421 words in the original blog post.
Agent skills are emerging as foundational elements in AI-native software development, offering structured and versioned contexts akin to npm packages or Python libraries, but with their distinct security challenges. Unlike traditional code, these skills consist of natural language instructions that guide autonomous agents, thus requiring a unique security approach. Snyk and Tessl have partnered to address these challenges by integrating security scanning directly into the Tessl Registry, providing each skill with a Snyk security score that informs developers about potential risks at the point of installation. This integration aims to prevent attacks that exploit the natural language instruction layer, such as prompt injection and malicious code payloads, by utilizing advanced scanning techniques that analyze behavioral intent rather than just known vulnerabilities. Tessl's registry operates like a package manager, offering version histories and quality scores, and the partnership with Snyk enhances this by ensuring security is a visible and persistent signal throughout a skill's lifecycle. This proactive approach seeks to establish trust in the agent skills ecosystem early, preventing the pitfalls experienced in the early days of other open-source platforms like npm and PyPI.
Mar 17, 2026
1,615 words in the original blog post.
Cursor's security team has developed a sophisticated system of four autonomous agents that can review over 3,000 pull requests (PRs) weekly, identifying more than 200 vulnerabilities, with the capability to automatically open fix PRs. The success of these agents relies on a remarkably concise prompt, but the real achievement lies in the underlying infrastructure, which includes a custom Model Context Protocol (MCP) server for state management and deduplication, a Terraform-managed deployment pipeline, and webhook orchestration. The agents operate primarily at the continuous integration (CI) layer, a point traditionally used for security, but the text argues that security processes should ideally begin earlier in the development cycle, directly within integrated development environments (IDEs). The importance of layered security is emphasized, with AI-driven detection supplemented by deterministic validation for optimized security measures. The text also highlights the need to secure the emerging "agentic supply chain," which involves the components AI development tools depend on, as these can introduce new vulnerabilities. Cursor's announcement of open-sourced automation templates marks a significant shift in how security tools are distributed, with the potential to integrate deterministic validation directly into agent workflows, thus enhancing the security architecture in AI-driven development environments.
Mar 17, 2026
3,777 words in the original blog post.
AI coding assistants are affecting the landscape of open source software by resurrecting abandoned packages, which poses new security risks in the software supply chain. Traditionally, developers have relied on social signals such as package popularity and community support to determine trustworthiness, but generative AI tools select packages based on statistical patterns from vast datasets, including outdated and unmaintained projects. This shift exposes developers to risks like unpatched vulnerabilities and AI hallucinations, where AI suggests non-existent or maliciously registered packages. To address these challenges, tools like Snyk Advisor and its Security Database aim to provide developers with visibility into package health by offering insights into security, maintenance, and community engagement, thus enabling informed decision-making when selecting dependencies. The approach emphasizes shifting focus from mere popularity to provenance and integrating real-time package health checks into development workflows to prevent untrusted packages from being incorporated into projects.
Mar 04, 2026
1,607 words in the original blog post.