Snyk Unveils Evo Continuous Offensive Security to Bring AI-Native Pentesting to the Enterprise

Continuous, context-aware pentesting for AI-generated code — cutting through the noise that context-free point solutions can't

BOSTON, May 27, 2026 (GLOBE NEWSWIRE) -- Snyk, the AI security company, today unveiled Evo Continuous Offensive Security (COS), a new solution in Evo by Snyk that uses AI-native offensive testing to continuously uncover exploitable risk across modern applications.

The average pentest engagement spans 15 days, leaving a 350-day window for agentic attackers to exploit. As autonomous threats continuously probe enterprise defenses, organizations must uncover vulnerabilities at machine speed before AI-driven attacks occur. To bridge this gap, Evo COS moves beyond standard API wrappers and single LLM implementations. Snyk has engineered a purpose-built, multi-model harness that coordinates frontier models with proprietary security engines. By grounding the system in an organization's specific deployment environment, trust boundaries, and data flows, Evo COS distinguishes theoretical findings from genuinely exploitable risks with targeted precision. Today, Evo COS is already securing several of the world’s largest financial services and technology firms at scale.

According to the 2026 Latio Application Security Report, AI pentesting is the single most desired emerging capability among application security practitioners — a critical priority for teams recognizing that annual testing schedules were designed for human development cycles, not for AI that ships code at machine speed. The market is responding; however, point solutions lack the platform context that production-grade security demands. As a core component of Evo by Snyk, Evo COS joins Evo AI-SPM to extend the platform from visibility and governance into active offensive testing.

“Pentesting has been waiting for its AI moment, but the wave of point solutions entering the market lacks platform context, testing applications with no understanding of the systems behind them,” said Manoj Nair, Chief Technology Officer at Snyk. “Snyk is different because we already know your code. AI-generated code is systematically pushing authorization flaws and business logic vulnerabilities into production at a pace annual testing cycles were never built to catch. The attacker side of this equation has already gone agentic – the question is whether you get there first. COS trades guesswork for targeted precision, giving security teams proof of what's actually exploitable, not just what scanned clean.”

How Evo Continuous Offensive Security Works

Snyk’s Evo Continuous Offensive Security is anchored in four core capabilities that separate it from point solutions in the emerging AI pentesting market.

  • Platform context. COS ingests signals from across the Snyk platform — SAST findings, SCA results, prior DAST scans, asset intelligence — and uses that context to guide a coordinated offensive attack agent toward where exploitable risk actually lives.
  • Deterministic and multi-model detection. Deterministic scanning excels at well-understood vulnerability classes like XSS and SQL injection, with consistency and speed. Non-deterministic, model-driven reasoning handles what rules can't – business logic flaws, authorization gaps, emergent behaviors in AI-driven applications. COS applies each where it performs best.
  • Enterprise AI security harness. COS coordinates leading frontier models, defender class models, and other open and proprietary models, tuned over time inside a governed execution environment with persistent memory, multi-stage attack planning, and full audit controls.
  • Attack narratives, not alert lists. COS connects vulnerabilities into exploit chains — showing how an authorization gap and a logic flaw combine into a high-impact attack path — so security teams can prioritize what actually matters.

Evo COS is a multi-model offensive security system purpose-built for enterprise pentesting. Frontier models execute assessments under Snyk's offensive harness; a dedicated validation model serves as an independent judge, confirming exploitability before any finding surfaces; and Snyk's platform intelligence grounds every attack in real application context. The result: a tailored attack narrative built for precision – not noise.

“Security teams are looking for solutions that help them prioritize real risk, not just manage more alerts,” said Colleen Carroll, Senior Director, Information Security Officer, Emburse. “Snyk’s Evo Continuous Offensive Security gives teams clearer visibility into exploitable vulnerabilities and how they chain together, enabling them to move faster, reduce exposure, and support innovation with confidence.”

Availability

  • Evo COS is available in early access today — already in production with design partners and continuously being expanded. General availability is expected at Black Hat USA in August 2026.
  • Read more about Evo Continuous Offensive Security in Snyk’s blog at https://snyk.io/blog/continuous-offensive-security/.

About Snyk
Snyk, the AI security company, empowers the AI-driven enterprise to develop and secure its future, ensuring organizations can trust AI to innovate without limits. The Snyk AI Security Platform serves as the industry’s AI Security Fabric, weaving protection directly into the flow of creation to secure GenAI code, AI-native applications, and agentic systems. By delivering visibility, control, and autonomous defense secure at inception, Snyk enables over 4,800 global customers to build fearlessly in the AI era.

Media Contact
press@snyk.io


Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
