In the latest instalment of our cybersecurity industry executive interview series we spoke to Synk CTO Danny Allan about the impact of AI co-pilots, stamping out vulnerabilities from the open source supply chain, skills and role transitions as AI becomes more prevalent, and how the sector remains driven by human factors despite the advancement of technology…
Tell us about your company, products and services.
Snyk is an AI-powered developer security platform. We secure software development to unleash developer productivity and speed while reducing business risk. With the rise of AI co-pilots and the skills gaps many companies face, the risk of allowing vulnerabilities into products, or into the wider community through open source projects, grows rapidly. We help developers code and commit with confidence, shifting left, staying in the flow, keeping their businesses and customers secure.
With Snyk’s platform, everyone involved with DevSecOps can secure applications as they build, avoid vulnerabilities, keep base images secure, find and fix misconfigurations, and write, test, and deploy secure cloud configurations across the SDLC with in-line remediation advice. Users can discover and test the security of APIs and Web Applications in runtime, align AppSec with business risk management, and unleash the power of GenAI with the guardrails of AI-powered AppSec.
What have been the biggest challenges the Cyber Security industry has faced over the past 12 months?
AI co-pilots have really transformed the developer experience, but increased speed and assistance for less skilled developers have come at a real, measurable, and serious cost in errors, vulnerabilities, and enhanced business risk. The industry is still finding its feet, but it’s important to know that solutions in the space run with different models and not everything is or should be GenAI. Code testing and remediation is best done with combinations controlled by a symbolic AI, while ‘traditional’ AI is based on more logical rules creating more consistent outputs.
And what have been the biggest opportunities?
For developers, AI’s benefits quickly became very clear, both for supporting a better in-flow experience and boosting their speed and ability. For the industry, the AI solutions developers are making are incredible and affecting the outputs across every sector. But the largest opportunity we see is for those that win the reliability, consistency, and accuracy plaudits for their AI-powered offerings. When a tool really outperforms the field – like Snyk’s platform – it’s a race to showcase the proof to the market and clean up. The AI field is impressive and evolving, but its rapidly approaching maturity is when we’ll see some truly momentous industrial and economic changes happen.
What is the biggest priority for the Cyber Security industry in 2025?
Stamping out vulnerabilities from the open source supply chain is everyone’s problem. Just about everything of importance is supported to an extent by open source dependencies and resources. AI that adds to this is great only so much as it creates vulnerability-free code and can be used to check and confirm reliability at every stage, given the potential for international state and criminal bad actors to affect whole industries.
What are the main trends you are expecting to see in the market in 2025?
We won’t see security in development become invisible or obsolete, instead it will become easier to manage as innovations compound this year. Right now, developers are primarily tasked with building and creating, however security has become part of their remit as software design shifts left. We’re now seeing security largely given over to the security operations team, guided much more by AI in every part of the software development lifecycle.
We’re also seeing a concerning year for open source security given the AI-driven paradigm shift. AI really helps organisations focus on what needs to be addressed in the short term, but not on actually addressing the underlying problem. It’s likely that the majority of code will be created by code assistants within a few short years, and as a consequence, we may see less open source and more security as a result. With AI assistants creating custom, private code, there’ll be potentially less open source code written and used, and therefore less maintenance of existing codebases. We may see the impact of less open source and also less security as a result.
I’m looking to see AI-powered vulnerability remediation become recursive in 2025. AI is more than GenAI. 2025 will show the DevSecOps community using complementary models for both analysis and fix. GenAI coding will likely be the most prominent technology creating code, meaning that development, rather than fix, will develop quicker – causing bottlenecks in the workflow. Techniques like symbolic regression analysis that will help users understand the data flows of the application in a way that traditional analysis does not.
What technology is going to have the biggest impact on the market this coming year?
While AI continues to dominate headlines, the software supply chain could still have a major impact on the global cybersecurity market. SBOMs, attestation frameworks, and provenance tracking is changing how we all think about risk. High-profile breaches through compromised dependencies and third-party components have made it clear that securing code is not just about what you write, it’s about what you build with. As regulators demand transparency across the software supply chain, I expect tooling that automates trust validation, enforces policy around dependencies, and provides continuous monitoring of software lineage to become a requirement.
In many ways, supply chain security will become the new frontline in cybersecurity, forcing developers and security teams to collaborate earlier, think differently, and build trust into every stage of the development pipeline.
In 2026 we’ll all be talking about…?
Skills and role transitions. As AI becomes more embedded in workflows, IT professionals will need to transition from builders to orchestrators, using AI to automate repetitive tasks, accelerate development cycles and enhance system resilience. Prompt engineering, AI oversight and ethical deployment are fast-emerging skills. But beyond AI, core areas like cybersecurity, cloud architecture, DevSecOps and compliance will continue to demand deep human expertise.
We’re seeing a clear shift: traditional infrastructure roles are declining, while demand for cloud-native skills, automation and platform engineering is rising. AI may write code, but it can’t yet anticipate context, design architecture or secure systems end-to-end – and that’s where people still matter.
Which person in, or associated with, the Cyber Security industry would you most like to meet?
I have always been impressed with Bruce Schneier and his ability to think beyond what the industry is today, and project out into the future based on past trends and experience. Given that most trends in the industry are recursive in nature, he remains a voice of reason and moderation on future and I would love to learn more from him.
What’s the most surprising thing you’ve learnt about the Cyber Security sector?
The sector is deeply driven by human factors as much as tech. As much as it’s an engineering and technical discipline the greatest vulnerabilities internal to the industry come from the way people design, implement, and interact with systems: From misconfigured cloud environments to social engineering, it’s people that form the central part of our challenge.
This has shaped how we approach the developer security experience. Building a secure workflow isn’t just about implementing the tools or standards, it’s as much about creating processes, cultures, and feedback loops that prioritise secure thinking throughout the lifecycle. Cybersecurity is as much about education, empathy, and enablement as it is about firewalls and zero-days. That duality between the technical and the human is what continues to surprise and inspire me every day.
What’s the most exciting thing about your job?
Although the software industry does its thing indoors on a screen, we impact the whole world. Helping DevSecOps drive out risk, improve the safety of software, it really does change the world, a little bit at a time. The world needs more builders and protectors standing up to the destroyers and takers. Every business able to support its customers is another vote for the kind of world we want to live in.
And what’s the most challenging?
Our adversaries and the technological environment keep changing, never resting. We must keep our energy and creativity high and to innovate new forms of testing, validating, protecting, and improving the user experience at the same time. Challenging security procedures tend to get worked around, so culture forms a massive part of everything the industry does to make life better for developers, security testers, and their organisations.
What’s the best piece of advice you’ve ever been given?
Early in my career, someone told me that it was a mistake to specialize too much in any one part of the technology. I was given the advice to “be an athlete”. An athlete never stops learning and adapting to their environment around them. Winning comes from observing, asking questions, learning, and always having a competitive mindset. I’ve always attempted to keep this foremost in my career.
Succession or Stranger Things?
Truthfully, I’ve watched neither series. I’ve been too involved with technology and learning to spend too much time on entertainment. I suppose when my career slows down that I will have more time to relax. I haven’t reached that milestone yet.
