Editorial

AI-powered Cybersecurity to protect Open Source attracts VC interest

Snyk using Machine Learning to “constantly evolve” the tool’s ability to determine if a source code comment, forum post, or social chatter discusses a vulnerability

Posted 22 January 2020 by Gary Flood


A London-headquartered Cybersecurity platform that helps developers find vulnerabilities in their Open Source systems has just raised $150m, bringing the venture capital (VC) it has attracted so far to an impressive $250m.

The company in question is called Snyk, with the new funding round led by New York-based private equity firm Stripes, with participation from Salesforce Ventures, Coatue, Tiger Global, BoldStart, Trend Forward, and Amity.

Founded in 2015, Snyk deliberately markets its Cyber wares to developers working with source code, containers or Kubernetes, rather than to Security professionals as such. It claims 400,000 developers worldwide are already using its product.

How it works: a developer uses the tool to scan their code for potential vulnerabilities or licence problems; the tool rates each as serious or not and suggests a workaround.

“This new funding helps us achieve even faster product innovation, deeper expansion into EMEA and APJ, and broader, impactful support of the DevSecOps community,” said the company’s CEO, Peter McKay, on the company’s blog page.

Speaking to the site VentureBeat, Guy Podjarny, his colleague and company President, explains that Snyk observes how its users use container and application dependencies and then uses those insights to improve its automated fixes.

He also reveals that the company uses Machine Learning to “constantly evolve” the tool’s ability to determine if a source code comment, forum post, or social chatter discusses a vulnerability, and funnels that data to its analysts to verify and place into its central vulnerability database.

“With Snyk, security teams offer guidance, policies, and expertise, but the vast majority of work is done by the development teams themselves,” Podjarny is also quoted as saying.

“This is a core part of how we see dev-first security: security teams modelling themselves after DevOps, becoming a center of excellence building tools and practices to help developers secure applications as they build it, at their pace.

“We believe this is the only way to truly scale security, address the security talent shortage, and improve the security state of your applications.”

“This investment accelerates Snyk’s significant momentum in transforming the way application security is approached and delivered in software-driven enterprise organisations,” added McKay.

“With rapid 2019 revenue and customer growth from both individual users and scaling development teams, we are seeing the market embrace developer-first application security to help tackle the increasing cybersecurity concerns that come with digital transformation.”