AI Coding Tools Need Built-In Security for Agentic Development Era

https://www.infosecurity-magazine.com/news/ai-coding-tools-security-agentic/

Publish Date: 2026-06-05 05:00:00

Source Domain: www.infosecurity-magazine.com

Security must be embedded directly into AI coding tools to mitigate emerging risks associated with agentic development, Ox Security has claimed.

Speaking at Infosecurity Europe on June 4, the vendor’s field CTO, Boaz Barzel, explained that traditional application security was built for human-paced delivery.

That meant pen testing at the end of the monthly delivery cycle. However, AI agents now enable hundreds of code changes per day in a continuous cycle, meaning security can no longer be a bolt-on, Barzel argued.

“The idea is that security isn’t a stage in the pipeline; it’s a property of the act of creation itself,” he told attendees. “We’re trying to shift left, but there’s no longer ‘left’ left to shift to. We have to shift into the agent.”

AI agents introduce four distinct attack surfaces that traditional tools are not equipped to handle, Barzel explained:

  • Input: Any instructions (e.g. prompts, guidelines, protocols) entering the agent – be they from developers, upstream agents or threat actors
  • Tools: MCP servers, models, skills and external SaaS connections (shadow and authorized) which could be weaponized to exfiltrate data, inject instructions or pivot laterally
  • Execution: Both human-triggered and autonomous agents running without visibility, enforcement or accountability
  • Output: Vulnerable or destructive code leaving the agent (e.g. path traversal, injection, backdoors, exfiltration logic) at machine speed without human review

These challenges are compounded by the collapse of the exploitation window thanks to powerful frontier models like Mythos, which could reduce time-to-exploit to minutes, and by the sheer volume of code that AI tools can generate.

Understanding the Auto-Pentest Loop

To make appsec fit for the agentic AI era, it must be embedded in the building loop, contextual and operating continuously, said Barzel.

This means…
