Snyk Ushers in the Future of DAST: AI-Driven Security for the Age of AI-Driven Development
April 22, 2025
I'm thrilled to announce Snyk API & Web, our next-generation dynamic application security testing (DAST) solution. It's more than just a product launch; it's Snyk’s answer to securing the complex, AI-powered applications developers are building today, deepening the integration of DAST into our comprehensive Developer Security Platform.
Modern development, with intricate architectures, proliferating APIs, and now the speed of AI, has outpaced legacy DAST tools. Recognizing this critical gap, Snyk strategically acquired Probely last year. We integrated its best-of-breed DAST technology with our leading SAST, SCA, container, and IaC security engines. The result is Snyk API & Web: a deeply integrated and differentiated solution built on platform strength.
AI Development Demands AI Security
Application development is transforming at lightning speed, largely driven by generative and agentic AI. This brings incredible innovation but also dramatically expands the attack surface: more code, complex API interactions, and new potential vulnerabilities.
Simply put: AI-driven development demands AI-driven security. Legacy DAST wasn’t ready. Snyk foresaw this shift, engineering solutions designed to operate at the speed and intelligence required to secure these modern applications without hindering the speed of delivery and innovation. Organizations cannot embrace AI's power without a plan to manage the inherent risk.
Introducing Snyk API & Web: Redefining DAST
Snyk API & Web thrives where legacy DAST tools falter, especially in securing the APIs that connect applications and Large Language Models (LLMs). We didn't just fill a DAST gap, we're redefining it for the AI era.
As Katie Norton from IDC highlights, this capability is crucial:
"The acquisition of Probely also enables Snyk to expand its offerings to support the security needs of generative AI applications, ensuring that developers can confidently build intelligent systems without exposing APIs to exploitation. The rapid rise of generative AI applications has introduced new challenges in application security, particularly around the APIs that power these systems. As developers increasingly integrate large language models (LLMs) into their applications, APIs play a critical role in facilitating data processing, model interaction, and user engagement. Further, generative AI applications often exhibit dynamic behaviors influenced by user input, making it challenging to predict how APIs will respond to edge cases, malformed requests, or malicious data.
DAST tools are particularly well suited for identifying vulnerabilities in these operational environments. By simulating real-world attacks, DAST can detect issues such as improper input validation, insufficient encryption, or insecure data transmission. These capabilities are especially relevant for LLM-based applications that process sensitive data, including personally identifiable information (PII), financial details, and proprietary content. Given that IDC predicts that by 2026, 40% of net-new applications will be intelligent apps, this DAST is critical for addressing the increasing demand for secure, AI-powered solutions."
(You can read Katie's full take on the acquisition here)
The Power of the Snyk Platform
While Snyk API & Web's engine is powerful on its own, its true strength is unlocked within the Snyk platform. Integrating DAST with SAST, SCA, and our other tools enables capabilities standalone solutions can't offer:
Holistic Risk View: Comprehensive visibility and insights across the entire SDLC on a single platform.
Developer-First: Actionable security context embedded directly into developer workflows.
Synergistic Detection: Correlating findings (like SAST + DAST) for smarter, prioritized vulnerability management, reducing noise and pinpointing real threats.
This deep integration is why we believe only Snyk is truly innovating in DAST today: because we believe only Snyk has the unified platform to deliver these combined benefits.
Market Momentum Fuels Innovation
The market response confirms our vision. Since the Probely acquisition, we've seen overwhelming interest, reflected in 245% Quarter-over-Quarter ARR growth for our DAST capabilities. Customers tell us this integrated approach is exactly what they’ve been waiting for.
This powerful validation fuels our accelerated roadmap. We're investing heavily based on market need, enhancing AI-driven testing, expanding API coverage, and providing richer context for faster remediation.
Roadmap Highlights: What's Next
AI-Driven API Testing: Using LLMs fine-tuned in-house, we're transforming API testing. Our engine simplifies API discovery and automates scanning, extending coverage for OWASP’s Top 10 risks like BOLA (#1) by using AI to simulate human-like testing of business logic at scale.
Code-Informed Dynamic Testing (SAST/DAST Correlation): A potential industry first, leveraging static and dynamic analysis for smarter detection. By correlating DAST findings (exploitable issues) with SAST insights (code location), we provide precise context, enable better prioritization, and pave the way for automated remediation via capabilities like DeepCode AI Fix.
Seamless CI/CD Integration: Built for automation. Developers can embed DAST seamlessly into pipelines with self-service scanning, guided by AppSec policies. We're even exploring LLMs to help optimize scan profiles for speed and effectiveness at scale.
Leading the AppSec Charge in the AI Era
The age of AI-driven development is here. With Snyk API & Web integrated into our comprehensive Developer Security Platform, we're equipping organizations to innovate securely and confidently at the speed the modern world requires.
The future of AppSec is intelligent, integrated, and developer-focused. We believe it's here with Snyk. And this is just the beginning.
To learn more about Snyk API & Web, please head over to https://snyk.io/product/dast-api-web/.