The real worry here isn’t about a new feature; it’s about the fundamental chasm opening in software development’s security posture. When AI coding agents—tools like GitHub Copilot, Claude Code, and Cursor—start autonomously pulling down packages, adding dependencies, and installing new tools, they’re effectively creating a software supply chain wild west. And in the resulting chaos, nobody seems to be taking the reins.
This isn’t a hypothetical scenario; it’s happening now. As outlined by Aikido Security founder and CEO Morné Delbare, many organizations are completely unaware that their AI agents are making these installation decisions. The implications are stark: enterprises are suddenly exposed to a barrage of potential attacks, as non-technical teams within marketing, sales, and product departments begin using these AI tools for their work, oblivious to the risks being introduced to their systems.
“At most companies right now, no one has made the decision, and no one owns the risk. There’s a gap that has opened up, allowing attacks to slip through.”
The Accountability Gap: Who’s on the Hook?
The crux of the problem, according to Delbare, is the glaring absence of accountability. When a human developer installs a package, there’s an inherent, albeit often implicit, sense of responsibility: they understand, at some level, that their actions could have consequences. An AI agent carries no such sense. It acts on instruction, or increasingly on its own initiative, and the resulting installs often happen without the security team ever seeing them. Aikido Security’s recent push with Aikido Endpoint aims to plug this hole: it inspects packages, plugins, and extensions before installation and blocks malware before it ever reaches a developer’s machine.
This new tool, along with Aikido Infinite (a continuous AI penetration testing platform), speaks to a larger trend: the security industry is scrambling to catch up with the pace of AI-driven development. The goal is clear: enable developers to keep their creative momentum while ensuring security teams have the visibility and control they need. It’s about establishing guardrails—policies, approved ecosystems, and risk thresholds—within which developers (and their AI proxies) can operate freely.
The Market Responds: A Flood of Solutions
Aikido isn’t the only player attempting to tame this burgeoning chaos. Socket, for instance, recently secured a hefty $60 million in Series C funding, valuing the company at a billion dollars. Its focus is on real-time detection and blocking of malicious open-source packages, famously identifying a compromised dependency in the widely used Axios JavaScript package in just six minutes. Then there’s Endor Labs, which launched AURI in March 2026, a platform designed to detect vulnerabilities in real time within coding assistants. Chainguard offers a different approach, securing the foundational infrastructure layer with hardened container images and curated package repositories. Arcjet tackles runtime enforcement in agentic workflows, while Mobb Security focuses on AI agent skill supply chain vulnerabilities.
It’s a crowded space, and for good reason. The attack surface is no longer confined to traditional endpoints: every workflow into which an AI agent is wired, from the developer’s IDE to the non-technical teams described above, becomes a place where untrusted code can be pulled in.
Why Does This Matter for Developers?
For developers, this situation is a double-edged sword. On one hand, AI coding agents promise to accelerate development cycles, automate mundane tasks, and boost productivity. On the other, the unchecked installation of unknown dependencies introduces a significant security risk that can undermine all those gains. If the tools you’re using are introducing vulnerabilities or backdoors, the speed you gain is overshadowed by the potential for catastrophic breaches.
Aikido Endpoint’s approach is to treat every installation the same, regardless of whether a human or an AI initiated it: the risk of malware doesn’t change based on the installer’s sentience. This is a sensible, pragmatic stance. The company claims to monitor a broad range of AI tools and models, including Gemini, OpenAI, GitHub Copilot, xAI, MCP Servers, Claude Code, and skills.sh, with the caveat that the agent itself needs to be updated as new tools emerge.
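To make the guardrail idea concrete (the policies, approved ecosystems and risk thresholds mentioned earlier, applied identically to a human and to an agent), here is an added example of a pre-install policy gate. It is illustrative code written for this page, not Aikido Endpoint’s or any other vendor’s implementation. Everything in it is an assumption: the package names `fast-colorz`, the registry snapshot, the download counts, the publish dates, the threshold values and the fixed `today` date are all constructed so the script runs offline and deterministically; a real gate would fetch metadata from the registry and sit in front of the package manager (a wrapper script, a proxy registry, or a CI check).

```python
"""Pre-install policy gate: the same check for every installer, human or agent.

Added example, not Aikido's or any vendor's code. Registry metadata below is
constructed inline (not real registry data) so the gate runs offline.
"""
from __future__ import annotations

import shlex
from dataclasses import dataclass, field
from datetime import date

# Policy knobs (hypothetical values chosen for the example)
APPROVED_ECOSYSTEMS = {"npm", "pypi"}
MIN_PACKAGE_AGE_DAYS = 14       # a version must have been public this long
MIN_WEEKLY_DOWNLOADS = 1_000    # below this, a human must approve
ALLOW_INSTALL_SCRIPTS = False   # npm lifecycle scripts are a common malware hook

# Constructed registry snapshot keyed by (ecosystem, package name).
REGISTRY = {
    ("npm", "axios"): {
        "weekly_downloads": 50_000_000,
        "versions": {"1.6.0": {"published": date(2023, 10, 26), "install_script": False}},
    },
    ("npm", "fast-colorz"): {  # hypothetical brand-new package, constructed for the example
        "weekly_downloads": 12,
        "versions": {"0.0.1": {"published": date(2026, 3, 30), "install_script": True}},
    },
    ("pypi", "requests"): {
        "weekly_downloads": 300_000_000,
        "versions": {"2.31.0": {"published": date(2023, 5, 22), "install_script": False}},
    },
}


@dataclass
class InstallRequest:
    ecosystem: str
    name: str
    version: str | None
    requester: str  # e.g. "human:alice" or "agent:claude-code"; audited, never trusted


@dataclass
class Decision:
    request: InstallRequest
    allowed: bool
    reasons: list[str] = field(default_factory=list)


def parse_install_command(cmd: str, requester: str) -> list[InstallRequest]:
    """Turn 'npm install axios@1.6.0' or 'pip install requests==2.31.0' into requests.

    Flags are ignored; pip specs other than '==' pins are treated as unpinned."""
    argv = shlex.split(cmd)
    if len(argv) < 2:
        return []
    tool, verb = argv[0], argv[1]
    specs = [a for a in argv[2:] if not a.startswith("-")]
    if tool == "npm" and verb in {"install", "i", "add"}:
        eco = "npm"
    elif tool == "pip" and verb == "install":
        eco = "pypi"
    else:
        eco = tool  # unknown tool; the policy check rejects it as an unapproved ecosystem
    requests = []
    for spec in specs:
        if eco == "npm":
            # Scoped packages start with '@', so the version separator is the *last* '@'.
            head, sep, ver = spec.rpartition("@")
            name, version = (head, ver) if sep and head else (spec, None)
        elif eco == "pypi":
            name, sep, ver = spec.partition("==")
            version = ver if sep else None
        else:
            name, version = spec, None
        requests.append(InstallRequest(eco, name.lower(), version, requester))
    return requests


def evaluate(req: InstallRequest, today: date) -> Decision:
    """Apply one policy to every request; the requester is logged, not consulted."""
    if req.ecosystem not in APPROVED_ECOSYSTEMS:
        return Decision(req, False, [f"ecosystem '{req.ecosystem}' is not approved"])
    meta = REGISTRY.get((req.ecosystem, req.name))
    if meta is None:
        return Decision(req, False, [f"{req.name} not found in registry snapshot"])
    # Unpinned requests resolve to the most recently published version.
    version = req.version or max(meta["versions"], key=lambda v: meta["versions"][v]["published"])
    vmeta = meta["versions"].get(version)
    if vmeta is None:
        return Decision(req, False, [f"{req.name}@{version} not found in registry snapshot"])
    reasons = []
    age = (today - vmeta["published"]).days
    if age < MIN_PACKAGE_AGE_DAYS:
        reasons.append(f"{req.name}@{version} published {age} days ago (< {MIN_PACKAGE_AGE_DAYS})")
    if meta["weekly_downloads"] < MIN_WEEKLY_DOWNLOADS:
        reasons.append(f"{req.name} has {meta['weekly_downloads']} weekly downloads (< {MIN_WEEKLY_DOWNLOADS})")
    if vmeta["install_script"] and not ALLOW_INSTALL_SCRIPTS:
        reasons.append(f"{req.name}@{version} runs an install-time script")
    return Decision(req, not reasons, reasons)


def gate(cmd: str, requester: str, today: date = date(2026, 4, 1)) -> list[Decision]:
    """Fixed 'today' keeps the example deterministic; production code uses date.today()."""
    return [evaluate(r, today) for r in parse_install_command(cmd, requester)]


if __name__ == "__main__":
    for cmd, who in [("npm install axios@1.6.0", "agent:claude-code"),
                     ("npm i fast-colorz", "human:alice"),
                     ("pip install requests==2.31.0 --upgrade", "agent:copilot"),
                     ("cargo add serde", "agent:cursor")]:
        for d in gate(cmd, who):
            verdict = "ALLOW" if d.allowed else "BLOCK"
            print(f"{verdict} {d.request.ecosystem}:{d.request.name} [{d.request.requester}] {'; '.join(d.reasons)}")
```

The point of the design is that `evaluate` never branches on `requester`: the agent-initiated `axios` install and the human-initiated `fast-colorz` install are judged by the same age, popularity and install-script thresholds, and the requester only shows up in the audit line. The unapproved-ecosystem case (`cargo`) is rejected before any metadata lookup, which is how an "approved ecosystems" policy keeps an agent from quietly adopting a package manager nobody has vetted.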
This entire scenario feels eerily reminiscent of the early days of cloud adoption, where security lagged far behind innovation. Companies rushed to deploy services without fully understanding the security implications, leading to widespread data breaches. The current AI coding agent landscape appears to be following a similar trajectory. The technology is outpacing our ability to secure it, creating an environment where the default is now an implicit trust in autonomous agents making critical decisions about what code enters our systems.
What About AI Agent Skills?
The coverage of AI agent skills marketplaces is particularly interesting. While which marketplaces are monitored isn’t spelled out, the coverage itself highlights the expanding definition of the software supply chain. These skills, essentially small programs that agents can execute to perform tasks, represent another vector for compromise: if an AI agent can download a malicious skill, the implications are as severe as downloading a tainted package. The maturity of this coverage will be a critical factor as these agentic workflows become more sophisticated and prevalent. The industry is waking up to the fact that securing code means securing not just the libraries and frameworks, but also the very intelligence that writes and deploys it.
Frequently Asked Questions
What does Aikido Endpoint actually do? Aikido Endpoint inspects packages, plugins, and extensions before they are installed and automatically blocks any detected malware, aiming to secure AI-native software development workflows.
Will AI coding agents replace human developers? While AI coding agents can automate many tasks and boost productivity, they are unlikely to fully replace human developers in the foreseeable future. Human oversight, creativity, and complex problem-solving skills remain essential.
How can my company protect itself from these AI-driven security risks? Companies need to establish clear security policies for AI agent usage, implement tools for monitoring package installations, and ensure continuous security validation throughout the development lifecycle, as offered by solutions like Aikido Security.