AI coding assistants are changing everything. Developers using tools like Amazon Kiro can now build features in hours that once took days. But there’s a catch: nearly half of AI-generated code contains security vulnerabilities.
The result? Development teams face a paradox. On one side, AI tools flood their codebases with new code at breakneck speed. But with this speed comes security backlogs. It’s like trying to bail water from a leaking boat while someone’s pouring more water in.
We’re excited to announce the new Snyk Studio for Kiro integration ahead of AWS re:Invent, where you can see it all in action at our booth, workshop, and mainstage speaking session.
Snyk Studio for Kiro ensures rapid, secure AI innovation by integrating Snyk Studio into Kiro’s agentic IDE, allowing developers to prevent new risks at inception and eliminate security backlogs, enabling them to ship with confidence.
Spotting problems before they become a problem
This integration embeds Snyk’s real-time security insights directly into Kiro’s spec-driven development, ensuring the integrity and security of applications.
Once code is written, Snyk Studio for Kiro identifies vulnerabilities, suggesting fixes before the code is ever submitted to the developer. This secure at inception approach is designed for immediate impact, instructing Kiro to:
-
Always run the
snyk_code_scantool for new first-party code that is generated in a Snyk-supported language. -
If any security issues are found based on newly introduced or modified code or dependencies, attempt to fix the issues using the results context from Snyk.
-
Rescan the code after fixing the issues to ensure that the known issues were resolved and that no new issues have been introduced.
-
Repeat this process until no new issues are found.
Intelligent remediation to burn down the backlog
But what about all those existing vulnerabilities that accumulated before AI, plus any that slipped through?
Snyk Studio for Kiro addresses this too, clearing this debt through intelligent remediation. Using natural language, developers can prompt Kiro to scan entire directories of code for security vulnerabilities and then suggest fixes based on the output of the Snyk scan.
Snyk Studio does the heavy lifting by:
-
Identifying vulnerabilities across your code, dependencies, containers, and IaC.
-
Pinpointing exactly where issues exist (file and line number).
-
Providing context on what’s wrong and how to fix it.
-
Validating whether AI-generated fixes are correct.
Snyk automatically provides vulnerability context to Kiro, enabling the AI to generate targeted fixes. Moreover, Snyk acts as a validator, confirming when an issue is successfully resolved. This capability ensures that fixes don’t introduce new problems and allows teams to efficiently reduce their security backlogs.
Getting started
The integration requires just a few steps:
-
Install the Kiro IDE.
-
Set up a Snyk account with Snyk Code enabled.
-
Configure the Snyk MCP server in Kiro.
For teams that want to deploy this across their entire organization, Snyk Studio supports enterprise-wide rollout using endpoint management tools like Jamf. You can configure security rules centrally and push them to every developer’s machine. This process instantly sets up the Snyk extension on all developer machines, enabling Snyk Studio to be used automatically, ensuring that every developer in your organization is aligned from the start.
See it live at re:Invent
Stop by Snyk’s booth (#447) to see live demos of Snyk Studio with Kiro and talk with our team about securing your AI-driven development workflow.
The Snyk team will also be on the main stage with Field CTO Clinton Herget, presenting “The Future of Software Craft in the Age of AI.” Clinton Herget will explore how LLM-based coding assistants are reshaping development work. Spoiler: AI won’t replace developers, but it will change what developers spend their time on, moving from toilsome tasks to higher-value work.
-
When: Wednesday, December 3, 11:30 a.m. PT
-
Location: MGM, Chairman 366
Snyk is also offering a hands-on workshop with certification to software engineers who want to experience Snyk Studio for Kiro first-hand. The Secure AI Engineering Course and Certificate will provide practical guidance on using AI coding tools, including Kiro, while teaching advanced techniques such as background agents, multi-agent workflows, and custom security rules. This is an opportunity to build real software, maintain security, and earn a certificate.
-
When: Tuesday, December 2, 3:00–4:30 p.m. PT
-
Location: Sandbox VR Space
-
What to bring: Your laptop and curiosity. No paid tools required.
The bottom line
AI coding assistants like Kiro represent a fundamental shift in how software gets built. They’re not going away, and the velocity they provide is too valuable to ignore.
But velocity without security is just speed heading toward disaster. Snyk Studio ensures you get the best of both: the unprecedented pace of AI development with security baked in from the start, plus the ability to fix your existing vulnerabilities at scale.
Ready to see it in action? Watch this video to learn how to add Snyk to Kiro, or meet us at re:Invent to experience it firsthand.
Securing Vibe Coding: Addressing the Security Challenges of AI-Generated Code
Snyk Staff Developer Advocate Sonya Moisset breaks down the security implications of Vibe Coding and shares actionable strategies to secure AI-generated code at scale.
