Snyk customers now have access to Snyk AI-BOM and Snyk MCP-Scan in experimental preview – with more to come!
Identify your AI models, datasets, MCPs, and more. Map your entire AI supply chain across all your apps with Snyk’s AI Bill of Materials – available in both our CLI and as an API.
Start with this command:
$ snyk aibom --experimental [<OPTION>]For Python projects using Snyk CLI v1.1298.3 (or later).
You can also use the Snyk AI-BOM API - get started here.
MCP-Scan is an open-source tool for analyzing Model Context Protocol (MCP) setups. It automatically discovers MCP servers and tools (e.g., Claude, Cursor, Windsurf) and scans them for common security issues such as prompt injection, tool poisoning, toxic flows, and other vulnerabilities.
Start with these commands:
uvx mcp-scan@latestScans your installed servers for security vulnerabilities in tools, prompts, and resources (automatically discovers MCP configs, including Claude, Cursor, Windsurf, etc.).
mcp-scan ~/.vscode/mcp.jsonScans a particular MCP server configuration. For example, a VS Code MCP config.
Sign up today and be part of building a more secure AI-native tomorrow.
Follow the Snyk Labs journey to:
Get exclusive updates on the development of future security solutions being incubated by Snyk Labs.
Be the first to know about our latest research findings and security insights for AI-native applications.
Apply to co-build an incubation if you’d like to partner with Snyk Labs.