Snyk saw low adoption when asking developers to add checks to their build process. The breakthrough was a GitHub app that not only flagged new vulnerabilities but proactively opened pull requests with the fix. This reframed the tool from a potential blocker to an indispensable, helpful assistant.

Related Insights

Integrate AI agents directly into core workflows like Slack and institutionalize them as the "first line of response." By tagging the agent on every new bug, crash, or request, it provides an initial analysis or pull request that humans can then review, edit, or build upon.

To overcome developer apathy towards security (which feels like boring insurance), Snyk created entertaining talks showing live hacks of popular libraries. This made the threat feel visceral and personal, motivating developers to check their own code far more effectively than a standard risk pitch.

Solo developers can integrate AI tools like BugBot with GitHub to automatically review pull requests. These specialized AIs are trained to find security vulnerabilities and bugs that a solo builder might miss, providing a crucial safety net and peace of mind.

Figma learned that removing issues preventing users from adopting the product was as important as adding new features. They systematically tackled these blockers—often table-stakes features—and saw a direct, measurable improvement in retention and activation after fixing each one.

Buildots' growth inflection happened when they stopped selling a data platform and started selling proactive risk alerts. The pitch changed from "Here's data to help you" to "If you don't fix this now, your project will fail." This simplified the value proposition and created urgency.

To drive adoption of automation tools, you must remove the user's trade-off calculation. The core insight is to make the process of automating a task forever fundamentally faster and easier than performing that same task manually just once. This eliminates friction and makes automation the default choice.

Snyk achieved developer adoption but failed to monetize until they addressed the needs of the actual buyer—the security team. They had to add governance and reporting features, realizing that user love doesn't automatically translate to sales when the user and buyer are different people.

eSentire used vulnerability assessments, a standard one-off service, as a wedge. By providing live monitoring and remediation during the audit, clients saw the value of a continuous service and asked to keep it, flipping consulting gigs into high-value recurring revenue contracts.

Snyk combined bottom-up adoption with top-down sales in a 'pincer movement.' They leveraged existing developer usage within an organization as a powerful entry point for their outbound sales team to engage security leaders, turning user love into a compelling conversation with the economic buyer.