Latest news with #PeterMcKay
Techday NZ
7 days ago
- Business
- Techday NZ
Snyk acquires Invariant Labs to boost AI-native app security
Snyk has announced the acquisition of Invariant Labs, a move set to expand its AI security capabilities and address the increasing security demands of AI-native and agentic applications. Invariant Labs, known for its work in shaping security standards for agentic AI, will now become part of Snyk, integrating its research and technologies with Snyk's recently launched AI Trust Platform. The acquisition marks Snyk's twelfth to date and brings with it a new research and development function, Snyk Labs, to advance security for emerging AI risks. AI security integration Peter McKay, Chief Executive Officer at Snyk, commented on the impact of the acquisition: "This acquisition is an important integration into Snyk's recently launched AI Trust Platform that adds the ability to secure applications from emergent threats. Snyk can now offer customers a single platform to address both current application and agentic AI vulnerabilities." According to Snyk, the technologies and approaches developed by Invariant Labs will be absorbed into Snyk Labs, concentrating efforts on research regarding AI security, especially in relation to large language models (LLMs), autonomous agents, and multi-component protocol (MCP) systems. Snyk Labs will serve as the company's new research arm, delivering capabilities through its AI Trust Platform by focusing on threats such as tool poisoning and MCP rug pulls. With the rapid growth of AI-native software in enterprise settings, security teams are increasingly confronted with new and unfamiliar threats. Snyk's acquisition of Invariant Labs aims to provide consolidated tools and intelligence, equipping customers to manage risks associated with agent-based systems in real-time production environments. Responding to evolving risks Snyk emphasised that the integration will allow security professionals to secure not only established applications, but also the emerging generation of AI-native and agentic software that is seeing widespread adoption. This dual focus is intended to support companies dealing with risks such as unauthorised data exfiltration, agent actions beyond the intended scope, and MCP vulnerabilities. At the forefront of research on new AI risks, Invariant Labs has played a key role in identifying and naming novel attack types, including terms like "tool poisoning" and "MCP rug pulls," which are already being observed in live deployments. "With Invariant Labs, we're accelerating our ability to identify, prioritize, and neutralize the next generation of Agentic AI threats before they reach production," said Manoj Nair, Chief Innovation Officer at Snyk. "This acquisition also underscores Snyk's proactive commitment to supporting security teams navigating the urgent and unfamiliar risks of AI-native software, which is rapidly becoming the new software development default." Technology and research Invariant Labs is known for developing Guardrails, a transparent security layer for LLMs and AI agents. Guardrails enables developers to implement security controls, observe system behaviours in context, and enforce policies based on a combination of static and runtime data, human review, and incident logs. These features are designed to help developers scan for vulnerabilities and monitor agent compliance with security standards. Marc Fischer, PhD, Chief Executive Officer and co-founder of Invariant Labs, commented on the direction of the merged teams: "We've spent years researching and building the frameworks necessary to secure the AI-native future. We must understand that agent-based AI systems are a powerful new class of software, especially autonomous ones, and demand greater oversight and stronger security guarantees than traditional approaches. We're excited to join the Snyk team, as this mindset is deeply aligned with their mission." The collaboration is expected to further embed Invariant Labs' research-driven approach into Snyk's product offerings, supporting organisations with real-time defences against current and emerging AI threats. As AI adoption continues to rise, this acquisition highlights steps being taken within the cybersecurity sector to address vulnerabilities inherent to autonomous, agent-based, and AI-native systems already in use across industry.
Forbes
02-05-2025
- Business
- Forbes
AI And Cybersecurity: The New Administration's 100-Day Reckoning
Just 100 days into the Trump administration, cybersecurity leaders are grappling with a volatile mix of deregulation, rising geopolitical tension, and accelerated adoption of AI. At the RSAC 2025 conference this week, Snyk hosted a timely panel titled 'The First 100 Days: How AI, Policy & Cybersecurity Collide,' featuring an all-star lineup: Jen Easterly, former CISA Director; Nicole Perlroth, former journalist and partner with Ballistic Ventures; Sumit Dhawan, CEO of Proofpoint; and Peter McKay, CEO of Snyk. Moderated by Axios cybersecurity reporter Sam Sabin, the conversation examined the early signs of disruption and dysfunction—and what it all means for software security, national defense, and innovation. The discussion was grounded in new findings from a Snyk-commissioned CISO survey, which revealed stark concerns about AI-generated threats, fragmented regulation, and eroding trust between the public and private sectors. Since January, 70% of surveyed CISOs reported experiencing a cyberattack involving AI. Panelists noted that organizations are rapidly embracing AI to increase productivity, but often without properly considering security implications. This rush to adopt AI is creating a widening gap between innovation and risk management. At the same time, nearly all CISOs surveyed expressed concern that AI-generated code may be introducing hidden vulnerabilities, suggesting a dangerous disconnect between perceived readiness and the evolving threat landscape. Peter McKay observed, 'Everybody is just focused on productivity... just get the benefits of AI and we'll figure out security later,' highlighting the widespread rush to adopt AI tools without sufficient safeguards. The panel addressed the impact of federal workforce reductions and policy reversals, including the rollback of Biden-era AI executive orders. Former CISA Director Jen Easterly described the loss of technical talent from government agencies as damaging to national cyber readiness. The panelists noted that reported loyalty requirements for federal cybersecurity personnel could further erode morale and independence. Concerns also extended to international partnerships, with reports that allied nations are beginning to limit intelligence sharing with the U.S., reflecting declining trust in the current administration. AI is drastically accelerating software development cycles, but this rapid pace is straining traditional security frameworks. Panelists highlighted how internal pressure to innovate often overrides caution, leading to insufficiently vetted tools and code. They stressed the importance of integrating security from the outset rather than as an afterthought, and called for secure-by-design practices to become standard. Without these safeguards, AI tools that can prevent threats may also be exploited to cause harm. Speakers emphasized that recent setbacks in federal cybersecurity leadership and policy risk reversing years of progress in public-private cooperation. The collaboration that once enabled a strong collective response to cyber threats—most notably in Ukraine—is now showing signs of strain. Several panelists expressed concern that trust is weakening on both sides, with private companies unsure about their role in threat reporting and mitigation, and government agencies losing key channels for visibility. CISA's partnership-enabling authorities, such as CPAC, were cited as critical tools that are currently on hold. When asked what single change they would make if given a 'magic wand,' panelists offered a range of pragmatic solutions. Proposals included mandating secure-by-design standards for consumer-grade routers—long a weak link in infrastructure security—and launching a national effort to clean up the open source codebase that underpins most modern applications. Others called for harmonized, standardized AI development regulations to prevent a patchwork of conflicting state laws. There was also strong support for a software liability regime tied to demonstrable secure development practices, as well as the use of AI to refactor legacy code written in memory-unsafe languages. As his top policy wish, McKay advocated for a national effort to improve software security at the source: 'If we all just focused on how we can just clean up open source code, we would have been in a better place.' A unifying theme throughout the discussion was the urgent need for coordination—across sectors, agencies, and borders. The convergence of rapid AI adoption, regulatory rollbacks, and mounting cyber threats is creating a perfect storm. Industry leaders stressed that security cannot be an afterthought, and that public trust and international cooperation hinge on transparency, integrity, and mutual accountability. The panel concluded with a call to preserve the principles of trust and collaboration that once underpinned America's cyber defense strategy—and to ensure those values guide policy moving forward. Easterly closed with a reflection on her time at CISA and how that should serve as a guiding light moving forward: 'We built trust and catalyzed trust and collaboration, and we did it with integrity, we did it with humility, we did it with transparency, and we did it with character. And that's what you all should demand from your government.'
