AI coding agents are no longer experimental. According to a recent survey byย StackOverflow, 81% of developers are using AI tools to develop software. From AI code editors like Cursor, Windsurf, VS Code, and others, to Model Context Protocol (MCP) servers, enterprises are adopting these systems to accelerate delivery and meet rising expectations for speed and scale.ย ย
AI promises to make software development dramatically more efficient, but it also amplifies security risk. Conventional weaknessesโinput validation gaps, command injections, hard-coded secrets, vulnerable dependenciesโare now joined by design-level flaws that alter security posture and architecture. Together,ย theyโreย forcing a rethink of how security mustย operateย in the age of AI-assisted development.ย
AI introduces familiar and novel risksย
Large language models (LLMs) are trained on vast repositories ofย open sourceย code. As a result, they take the good and the bad. When these models generate code, they can replicate those flaws. While exact percentages vary, academic studies suggest thatย roughly aย third of AI-generated codeย containsย known vulnerabilities.ย
The challenge with AI is that not everything looks as it seems.ย Endor Labs found that only 1 in 5 open source dependencies imported by AI coding agents were safe. The rest includedย hallucinated dependenciesโpackages thatย donโtย exist but sound plausibleโor dependencies with known security vulnerabilities. Attackers have already begun exploiting this behavior by creating malicious packages that match hallucinated names, a new twist onย typosquattingย known asย slopsquatting.ย
Where AI truly diverges from human developers, however, is in design reasoning. A developer considers architecture and intent; a model predicts the next token.ย Thatโsย why AI often introduces subtle design flaws that weaken securityโswapping cryptographic libraries, altering token lifetimes, orย modifyingย authentication logic. Research also shows that each successive prompt to an AI agent can increase vulnerability countโhighlighting how iterative prompting compounds risk.ย
Expanding the attack surfaceย
The code itself is only part of the problem. The AI development ecosystem introduces a new supply chain: models and MCP servers that connect assistants to live environments. Eachย componentย can expose sensitive data or inject unvetted logic into the build process.ย
In other words,ย youโreย no longer just securing the applicationโyouโreย securing theย modelย that wrote it, theย integrationsย it used, and theย contextย it was given. This layered interdependence makes visibility and policy enforcement exponentially harder.ย
Why traditional tools fall shortย
Traditional AppSec toolingย isnโtย built to catch these complex flaws. Most static analysis or dependency scanners assume human authorship or predictable code patterns. They struggle toย identifyย the new classes of risk that AI can introduce into the software supply chain. As AI adoption continues to accelerate, this gap between traditional security tooling and AI-generated risk will only widen.ย
Securityย canโtย remain an afterthought. The solution is not to slow innovation, but to make security intrinsicโto build systems that produce secure-by-default code. That means embedding protection into every phase of the AI-assisted SDLC.ย
Building secure-by-default codeย
It beginsย atย design, where teams encode security requirements directly into prompts and define tests the model must pass before code is accepted. Organizations should also formalize their unique security policiesโlike enforcing a specific library for input sanitizationโinto rules consumable by AI agents.ย
We also need a new class of tools. Duringย generation, MCP servers canย validateย code in real time, using security intelligence to enforce guardrails automatically and require agents to verify their work. And multi-agent security review systems can reason across files to help human reviewersย identifyย logic flaws and designย driftย from secure design patternsโsomething human reviewers often miss under time pressure.ย
Finally, CI/CD mustย maintainย a full audit trail, tracking the provenance of every model, agent, and dependency to ensure eachย componentย entering the system is known, verified, andย policy-compliant.ย
AI is reshaping how software is written.ย To keep pace, our security model has to evolve just as fast.ย That starts with treating AI-generated code as untrusted, unverified input. It requires the same scrutiny and evaluation as any other untrusted dependency. We need to build systems that make โsecure by defaultโ not an aspiration, but an outcome.ย
