AI Agent Environment and Skill Adoption (Snyk Telemetry)
[Chart: percentage / count for developers using ≥2 AI envs, environments with MCP servers, and skills per developer (pilot)]
Key data behind the update
Nearly half of developers now juggle two or more agent systems, complicating uniform security coverage.
More than half of surveyed environments already run architecture components (MCP servers) that enable complex agent integrations.
A significant subset faces severe security issues directly linked to agent architectures.
A quarter of pilot developers experimented with extending their agents with modular 'skills,' raising oversight needs.
The average number of skills is high, increasing the exposure surface.
A notable fraction of agent functions bridge to outside systems, introducing vendor and supply chain risk.
Why it matters for Snyk Evo ADS
If enterprises adopt in-agent security monitoring, core software and workflow architectures must support continuous oversight at runtime, reshaping how automation, compliance, and risk are managed for digital systems and business operations platforms.
Context behind Snyk Evo ADS
AI coding agents have shifted from assistive tools to autonomous entities influencing production systems by connecting through MCP servers and plugins. Security frameworks historically lag integration and workflow complexity, leaving blind spots in live automation.
Workflow impact
- Agent workflow security may become a standard compliance requirement in heavily automated environments.
- Vendors supporting MCP, plugin, or external tool integrations will face pressure for auditability and trust signals.
- Internal tool and platform developers must reconsider security boundaries—beyond static code outputs.
Comparison criteria
In-workflow, real-time control over agent actions, integrations, and skills.
Security shifts from artifact-level to process-level control.
Ongoing inventory of agents, MCP servers, skills implemented.
Improved compliance and response to unknown agent behavior.
Agent tool selection and external calls are vetted before use.
Potential to stop supply chain attacks earlier.
Telemetry shows increasing complexity and risk in agent setups.
Adoption likely only if threat surface is recognized as critical.
Timeline
- Pre-June 2026
Post-development code scanning is standard; few products focus on agent-integration oversight.
- June 24, 2026
Snyk formally launches Evo ADS, targeting agent workflow control during the AI Engineer World’s Fair.
- June 29, 2026
Evo ADS general availability planned.
- Post-launch (next 6-12 months)
Key market behaviors to watch: enterprise mandates, third-party auditing integration, and competitive product launches.
Signals to watch
Would indicate broader industry consensus that agent oversight is a must-have.
Could make Evo ADS-like systems mandatory for certain sectors.
Demonstrates direct consequences and accelerates model adoption.
Would formalize the shift away from static artifact assessment.
Will In-Workflow Security Overtake Code Scanning for Autonomous Agents?
Changing Risk: AI Agents Exceed Scanning Boundaries
Autonomous agents increasingly connect directly to internal systems via plugins and MCP servers, adding new runtime risks.
Traditional security often scans code after writing, leaving a gap for agent-driven behaviors that alter systems in real time.
- Complexity grows as 43% of developers juggle multiple environments.
- Half of live systems already embed agent integration points.
- Critical security issues are actively present in agent kernel setups.
Evo ADS: Mechanism and Market Aspiration
Evo ADS inserts control at three levels: pre-use vetting of tools and skills, live workflow enforcement, and real-time code vulnerability tracking.
Snyk positions this as a plug-and-play gap filler—essential for regulated or risk-sensitive sectors adopting generative agents.
- Applies policy before agent actions occur.
- Scans and fixes vulnerabilities within the agent workflow.
- Pushes toward centralized inventory management for agent tooling.
Confirmed Threat: From PoC to Exploits
Snyk’s documented attacks include back-doored libraries and prompt injection hidden in dependencies accessed by agents.
These risks often bypass traditional security alerting, surfacing only after systems are compromised.
- Demonstrated real-world agent toolchain compromise.
- Agent skills referencing external instructions elevate supply chain exposure.
What Might Validate a True Market Shift?
Signals would include: adoption requirements in enterprise policy, auditor or regulatory updates, and responses from platform vendors.
If such developments fail to materialize, status quo code-scanning may persist—leaving risks unresolved.
- Market uptake by major cloud/platform vendors would validate the shift.
- Third-party security frameworks requiring live oversight would entrench it.