{"id":264730,"date":"2026-06-05T05:00:00","date_gmt":"2026-06-05T09:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/05\/ai-coding-tools-need-built-in-security-for-agentic-development-era\/"},"modified":"2026-06-05T06:10:28","modified_gmt":"2026-06-05T10:10:28","slug":"ai-coding-tools-need-built-in-security-for-agentic-development-era","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/05\/ai-coding-tools-need-built-in-security-for-agentic-development-era\/","title":{"rendered":"AI Coding Tools Need Built-In Security for Agentic Development Era"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/ai-coding-tools-security-agentic\/\">AI Coding Tools Need Built-In Security for Agentic Development Era<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/ai-coding-tools-security-agentic\/\">https:\/\/www.infosecurity-magazine.com\/news\/ai-coding-tools-security-agentic\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-05 05:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Security must be embedded directly into AI coding tools to mitigate emerging risks associated with agentic development, Ox Security has claimed.<\/p>\n<p>Speaking\u00a0at Infosecurity Europe on June 4, the vendor\u2019s field CTO, Boaz Barzel, explained that traditional application security was built for human-paced delivery.<\/p>\n<p>That meant pen testing at the end of the monthly delivery cycle. However, AI agents now enable hundreds of code changes per day in a continuous cycle, meaning security can no longer be a bolt-on, Barzel argued.<\/p>\n<p>\u201cThe idea is that security isn\u2019t a stage in the pipeline; it\u2019s a property of the act of creation itself,\u201d he told attendees. \u201cWe\u2019re trying to shift left, but there\u2019s no longer \u2018left\u2019 left to shift to. We have to shift into the agent.\u201d<\/p>\n<p>Read more on agentic security risk: Threat Actor Uses AI to Build EDR Evasion Tools.<\/p>\n<p>AI agents introduce four distinct attack surfaces that traditional tools are not equipped to handle, Barzel explained:<\/p>\n<ul>\n<li>Input: Any instructions (eg prompts, guidelines, protocols) entering the agent \u2013 be they from developers, upstream agents or threat actors<\/li>\n<li>Tools: MCP servers, models, skills and external SaaS connections (shadow and authorized) which could be weaponized to exfiltrate data, inject instructions or pivot laterally<\/li>\n<li>Execution: Both human-triggered and autonomous agents running without visibility, enforcement or accountability<\/li>\n<li>Output: Vulnerable or destructive code leaving the agent (eg path traversal, injection, backdoors, exfiltration logic) at machine speed without human review<\/li>\n<\/ul>\n<p>These challenges are compounded by the collapse of the exploitation window thanks to powerful frontier models like Mythos, which could reduce time-to-exploit to minutes. And by the sheer volume of code that AI tools can generate.<\/p>\n<h2><strong>Understanding the Auto-Pentest Loop<\/strong><\/h2>\n<p>To make appsec fit for the agentic AI era, it must be embedded in the building loop, contextual and operating continuously, said Barzel.<\/p>\n<p>This means&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/ai-coding-tools-security-agentic\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI Coding Tools Need Built-In Security for Agentic Development Era https:\/\/www.infosecurity-magazine.com\/news\/ai-coding-tools-security-agentic\/ Publish Date: 2026-06-05 05:00:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":264731,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/1eca068a-0ba0-4769-a12d-48ad69bf625c.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,31,34],"class_list":["post-264730","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-exploit","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/264730"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=264730"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/264730\/revisions"}],"predecessor-version":[{"id":264732,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/264730\/revisions\/264732"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/264731"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=264730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=264730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=264730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}