Skip to main content

Try Snyk’s Latest Innovations in AI Security

Identify your AI models, test your AI systems against attacks, and scan your MCPs

Snyk customers now have access to Snyk AI-BOM, Snyk AI Red Teaming, and Snyk MCP-Scan in experimental preview – with more to come!

A command-line tool called "mcp-scan" analyzing a server's tools. The scan flags a prompt injection error, a tool description warning, and two "toxic flow" warnings for a potential date leak and destructive action.

Snyk MCP-Scan

MCP-Scan is an open-source tool for analyzing Model Context Protocol (MCP) setups. It automatically discovers and secures MCP servers (e.g Claude, Cursor, Windsurf), Agent Skills, and Data pipelines and scans them for common security issues such as prompt injection, tool poisoning, toxic flows, and other vulnerabilities.

Start with these commands:

npx snyk@latest mcp-scan --experimental

Scans your installed servers for security vulnerabilities in tools, prompts, and resources (automatically discovers MCP configs, including Claude, Cursor, Windsurf, etc.). Identify Toxic Skills via SKILL.md files containing obfuscated malware, backdoors, and prompt injection payloads.

mcp-scan ~/.vscode/mcp.json

Scans a particular MCP server configuration. For example, a VS Code MCP config.

View Docs
A close-up of a terminal window showing the command $ snyk aibom and its resulting JSON output, which is an AI Bill of Materials in the CycloneDX format.

Snyk AI-BOM

Identify your AI models, datasets, MCPs, and more. Map your entire AI supply chain across all your apps with Snyk’s AI Bill of Materials – available in both our CLI and as an API.

Start with this command:

$ snyk aibom --experimental [<OPTION>]

For Python projects using Snyk CLI v1.1298.3 (or later).

You can also use the Snyk AI-BOM API - get started here.

View Docs

Snyk AI Red Teaming

Continuously test your AI systems against real-world attack scenarios.

Snyk’s AI Automated Red Teaming simulates adversarial attacks on your models and agents to uncover vulnerabilities before attackers do, including prompt injections, data exfiltration, jailbreaks, and tool misuse.

Start with this command:

snyk redteam --experimental --config [<target-config-file-path>]

Generates a structured report of all discovered vulnerabilities, including severity and evidence.

View Docs

Sign up for updates

Join Snyk Labs in leading AI security innovation

Sign up today and be part of building a more secure AI-native tomorrow.

Follow the Snyk Labs journey to:

  • Get exclusive updates on the development of future security solutions being incubated by Snyk Labs. 

  • Be the first to know about our latest research findings and security insights for AI-native applications.

  • Apply to co-build an incubation if you’d like to partner with Snyk Labs.

Get Snyk Labs Updates