
I do not read vendor layoffs the way Reddit reads vendor layoffs.
While I was on vacation, a thread climbed to the top of r/cybersecurity: “Snyk laid off up to 30% of their staff today.” It collected 563 upvotes and 105 comments, most of them already writing the company’s obituary.
The thread as it spread: 563 upvotes for a number no source supports.
Here is the number I could actually verify: about 90 people. Roughly 5.8 percent.
The number nobody checked
The layoff is real. On June 24, Snyk cut about 90 employees out of a workforce of roughly 1,550, a cut Globes called a significant blow to its development center in Israel. It was the company’s fourth round.
The “30%” is not real. No source in the thread, and none I could find anywhere, supports it for June 2026.
My best explanation: search results still surface a 2022 CTech headline about Snyk cutting 198 people, 14% of its staff back then. Stack an old 14% on top of four rounds of history, add a “today” to the title, and you get a rumor shaped like a fact.
One more detail matters. Globes noted that Snyk gave no response at all, which left the thread with nothing to check itself against.
Silence sets the price
That silence is the mechanism, and it is not unique to Snyk. When a vendor says nothing, the market does not stay quiet; it fills the gap with whatever numbers are lying around, and old bad news is always lying around.
I spent years on the vendor side of AppSec sales, through rounds like this one. The playbook is always the same: legal reviews every word, so the official line arrives late or never. Meanwhile every rep with a deal in flight improvises answers to “should we be worried?”
By the time the company finds its words, the 30% version has already been in your buying committee’s Slack for a week. Rumors are priced in silence.
What a layoff actually tells you
A layoff headline, by itself, tells you almost nothing. The details underneath it tell you a lot, and they are usually public within days if you know what to look for.
Who was cut. A closed R&D site is a different signal than a trimmed sales team. Engineering cuts touch the roadmap you are buying; go-to-market cuts touch how hard you will be sold to, and how fast support answers.
Which round it is. A first cut after overhiring is common tidying. A fourth round, like this one, means the company is still searching for a shape that works โ worth pricing into a three-year contract.
What leadership is doing. Snyk’s CEO of seven years announced in February that he would step down. A leadership change plus repeated cuts usually means strategy is moving, and the module you are evaluating may not be where the investment goes.
None of that says “drop the vendor.” Snyk remains one of the most widely deployed tools in SCA , and a 5.8% cut is survivable arithmetic. It says: stop reading upvotes and start reading the structure of the cut.
The questions I would ask this week
If a vendor in your stack, or on your shortlist, just had a layoff, these questions get you real signal without theatrics:
- Which teams were affected, and was anyone on the product I use โ engineering, support, or research?
- What is the committed roadmap for the next 12 months, in writing, for the modules I am paying for?
- Has account coverage changed โ do I have the same CSM, SE, and support tier next quarter?
- For a renewal: what happens to my data and migration path if this product line is sold or sunset?
A healthy vendor answers these in days, in writing. Evasion on any of them is a louder signal than the layoff itself.
If you sell for a vendor going through this, the logic reverses. Your buyers have read the thread, and pretending otherwise loses the room. The reps who survive these cycles bring the subject up first, with the real number.
Verify it like a finding
The discipline here is one you already have. Nobody in AppSec accepts “critical vulnerability, trust me” without a severity, a proof of concept, a source. A 563-upvote layoff claim deserves the same treatment as an unverified CVE.
The real story last month was not that Snyk cut 30% of its staff. It did not. The story is that a false number ran unchallenged for days because checking it was nobody’s job.
If a layoff headline is about to change your shortlist, verify it the way you would verify a finding. Then ask the four questions above, and decide on the answers โ not the upvotes.
Have you sat through a renewal or POC while the vendor was visibly shrinking? Reply and tell me what tipped you off. I will feature the sharpest stories, anonymized if you want.
See you next Tuesday.
Sources
- Globes โ Snyk to lay off 90 employees (June 2026, the verifiable number)
- Reddit โ r/cybersecurity thread claiming “up to 30%” (the rumor as it spread)
- CTech โ Snyk to sack 198 employees, 14% of workforce (October 2022 โ the older round the rumor likely borrowed from)
- CTech โ Snyk CEO Peter McKay steps aside (February 2026)
- Cybernews โ Layoffs hit Snyk as company pivots to AI (press framing of the strategy shift)
AppSec Santa Weekly โ vendor-side mechanics, explained for the people signing the contracts. Browse all tools or subscribe for weekly updates.