Snyk Studio


Why we built Snyk Studio:

AI code assistants are incredible at speed, but they’re not hired to be your AppSec engineer. Over the past year we kept seeing the same pattern: great-looking code suggestions that quietly introduced risky dependencies, weak crypto, or unsafe input handling. Teams told us they either slowed down to review every snippet, or accepted the risk and queued it into the backlog. Neither felt great. Some developers were left completely ignorant of the security issues they were introducing with their AI tools. Yikes!

What we’re solving:

  • Catching issues before they even get suggested to the developer, scanning AI code suggestions in real time, inside the prompt.

  • Giving AI the right security context so it can plan and apply effective and safe security fixes that match your org’s standards.

  • Killing context switches – no more bouncing between the IDE, docs, scanners, and tickets just to understand a vulnerability.

How we got here:

We started by watching developers work with assistants like Cursor and Windsurf. The “aha” moment came quickly: the “left” in “shift left” has shifted. Security needs to participate at the moment of code suggestion, not after the commit. Not even when the first lines of code are saved in the IDE. We prototyped an IDE-first guardrail, built an MCP (Model Context Protocol) server, then layered in Snyk’s security insights, and added security controls and directives (aka rules and instructions) so teams can choose exactly when and how scans run. The result is Snyk Studio: a safety layer that keeps the pace of AI while reducing the risk.

What to try today:

  1. Install the Snyk VS Code extension to automatically deploy Snyk Studio, pre-configured with directives (link also takes you to Cursor and Windsurf installs).

  2. Generate code with your assistant, then watch Snyk Studio flag and explain risky patterns (🤓) before you accept the code changes. Heck, the agent might just run in YOLO mode and fix the code itself based on Snyk’s suggestions and context.

  3. Point at an existing vulnerability and ask your assistant to fix it; Snyk Studio provides security context so the plan and patch are correct.

We’d love your feedback on the onboarding flow, the default scanning behavior, and the explanations for flagged patterns.

Thanks for checking out Snyk Studio, excited to hear how it fits your AI coding workflow!


