Snyk is buying Invariant Labs, a leading AI security research firm, to expand the capabilities of its AI Trust Platform and extend its AI security research efforts.
Developer security platform provider Snyk has acquired AI security research firm Invariant Labs in a move to bolster the company’s recently launched AI Trust Platform, the company said Tuesday.
Snyk is also leveraging the acquisition to establish Snyk Labs, the company’s new research arm focused on advancing the AI security services delivered through the AI Trust Platform, according to the company.
Invariant Labs is the latest in a line of Snyk acquisitions that includes Probely, a Portugal-based developer of Dynamic Application Security Test (DAST) technology for security testing of APIs that Snyk bought in November 2024, and Helios, whose technology captures security relevant data from live applications, that Snyk acquired in January 2024.
[Related: The 2025 Security 100]
Earlier Snyk acquisitions included DeepCode, Reviewpad and Enso Security.
Terms of the acquisition of Invariant Labs, headquartered in Zurich, Switzerland, were not disclosed.
Boston-based Snyk provides a developer security platform that’s designed to help businesses and organizations identify and fix vulnerabilities in their software code, open-source dependencies, containers and infrastructure as code, enabling developers to secure applications throughout the entire software development lifecycle.
On May 28 Snyk debuted the AI Trust Platform, an AI-native agentic platform specifically built to secure and govern software development in the AI era, according to Snyk. The goals of the new platform, according to the company, are to reduce the security risks associated with AI-generated code and help organizations better defend themselves against AI-driven cyberattacks.
The acquisition of Invariant Labs furthers those efforts, according to Snyk.
“This acquisition is an important integration into Snyk’s recently launched AI Trust Platform that adds the ability to secure applications from emergent threats,” said Snyk CEO Peter McKay in the announcement of the acquisition deal. “Snyk can now offer customers a single platform to address both current application and agentic AI vulnerabilities.”
The acquisition also provides “a major advancement” for Snyk Labs, the company’s new research arm focused on advancing AI security through the AI Trust Platform. Snyk said the acquisition “brings a talented team of preeminent researchers” with a track record of providing “industry-first intelligence” on agentic attack vectors, MCP vulnerabilities, tool poisoning and runtime detection techniques.
“We’ve spent years researching and building the frameworks necessary to secure the AI-native future,” said Invariant Labs CEO and co-founder Marc Fischer, in a statement. “We must understand that agent-based AI systems are a powerful new class of software, especially autonomous ones, and demand greater oversight and stronger security guarantees than traditional approaches.”
What The Acquisition Brings
The addition of Invariant Labs boosts Snyk’s ability to help customers secure AI-native and agentic applications, including large language models and autonomous agents. Snyk can now support security teams as they deal with “urgent and unfamiliar risks” in AI-native software, according to the acquisition announcement.
Snyk said Invariant Labs has been on the forefront of research around new security issues such as unauthorized data exfiltration to AI agents executing unintended actions and threats such as MCP vulnerabilities. The company has even discovered and named new attack terminology including “tool poisoning” and “MCP rug pulls,” according to Snyk.
Invariant Labs, for example, has developed Guardrails, what Snyk describes as “a transparent security layer at the large language model and agent level that developers use to augment existing AI systems with security safeguards. With the company’s technology developers can inspect and observe agent behavior, enforce contextual security rules for agent systems, and scan MCP servers for vulnerabilities.
“With Invariant Labs, we’re accelerating our ability to identify, prioritize and neutralize the next generation of agentic AI threats before they reach production,” said Mano Nair, Snyk chief innovation officer, in a statement. “This acquisition also underscores Snyk’s proactive commitment to supporting security teams navigating the urgent and unfamiliar risks of AI-native software, which is rapidly becoming the new software development default.”
