AI Coding Tools Require Embedded Security to Counter Emerging Risks

“The idea is that security isn’t a stage in the pipeline; it’s a property of the act of creation itself,” Boaz Barzel, field CTO of Ox Security, told attendees at Infosecurity Europe on June 4.

Boaz Barzel at Infosecurity Europe: shifting security into the agent

Barzel laid out a blunt diagnosis: application security was designed for a human-paced delivery model—monthly cycles, pen tests at the end of a sprint—yet agentic AI coding tools have fundamentally altered that tempo. With AI agents able to drive “hundreds of code changes per day in a continuous cycle,” Barzel said, security can no longer be a bolt-on activity performed after development. Instead, he argued, it must be embedded into the creation loop itself: not merely shifted left in a pipeline, but shifted into the agent that writes the code.

Four agentic attack surfaces: Input, Tools, Execution, Output

Barzel identified four distinct attack surfaces that he says traditional application-security tooling does not address adequately. He described them as:

  • Input: Any instructions entering the agent (the examples given were prompts, guidelines and protocols), whether they come from developers, upstream agents or threat actors.
  • Tools: MCP servers, models, skills and external SaaS connections (both shadow and authorized) which could be weaponized to exfiltrate data, inject instructions or pivot laterally.
  • Execution: Both human-triggered and autonomous agents running without visibility, enforcement or accountability.
  • Output: Vulnerable or destructive code leaving the agent—examples include path traversal, injection, backdoors and exfiltration logic—produced at machine speed without human review.

Those four vectors, Barzel cautioned, are compounded by two further dynamics cited at the event: the collapse of the exploitation window brought on by powerful frontier models like Mythos, and the sheer volume of code AI tools can produce.

The Auto‑Pentest Loop: making security continuous and contextual

Barzel proposed what he called an Auto‑Pentest Loop: security agents that operate alongside coding agents so that security checks are contextual and continuous. In practice, he explained, every commit would be pentested and every fix reviewed and validated autonomously. The security system would reason about what changed, what is exposed and what risk that change introduced, enabling a predictive posture rather than a reactive one.

He sketched concrete aims for such a system: to reduce mean time to resolve (MTTR) vulnerabilities from weeks to hours; to achieve 100% coverage of autonomous security checks for merged changes; to reduce the time a known risky path is reachable in production before being gated or fixed; and for most issues to be autonomously fixed and validated, with humans reserved for complex or novel cases. “In this case, security stops being a department. It becomes a behavior of the system,” Barzel added.
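The four aims above are only useful if a team can actually measure them from its pipeline events. The following is an added example, not code from the article, from Infosecurity Magazine or from Ox Security: it computes those metrics (MTTR, coverage of autonomous checks over merged changes, the window during which a known risky path stayed reachable in production, and the share of fixes completed without a human) from a constructed event log. The record shapes, field names and sample data are assumptions made for illustration.

```python
# Added example (not from the article, Infosecurity Magazine or Ox Security):
# computing the Auto-Pentest Loop metrics Barzel cited from a constructed
# event log. The record shapes, field names and sample data are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Finding:
    """One issue reported by the security agent for a specific change."""
    finding_id: str
    opened_at: datetime                 # reported by the security agent
    reachable_at: Optional[datetime]    # risky path reachable in production (None: never shipped)
    gated_at: Optional[datetime]        # path gated or fixed in production (None: still reachable)
    resolved_at: Optional[datetime]     # fix validated (None: still open)
    autonomous: bool                    # fixed and validated without a human in the loop


@dataclass(frozen=True)
class Merge:
    """One merged change and whether an autonomous security check ran on it."""
    merge_id: str
    checked: bool


def _hours(start: datetime, end: datetime) -> float:
    return (end - start) / timedelta(hours=1)


def mttr_hours(findings, now: datetime, include_open: bool = True) -> float:
    """Mean time to resolve. With include_open, findings still open count
    from opened_at up to `now`, so a growing backlog cannot flatter the number."""
    durations = []
    for f in findings:
        if f.resolved_at is not None:
            durations.append(_hours(f.opened_at, f.resolved_at))
        elif include_open:
            durations.append(_hours(f.opened_at, now))
    return sum(durations) / len(durations) if durations else 0.0


def check_coverage(merges) -> float:
    """Fraction of merged changes that received an autonomous security check."""
    if not merges:
        return 0.0
    return sum(1 for m in merges if m.checked) / len(merges)


def mean_reachable_window_hours(findings, now: datetime) -> float:
    """Mean time a known risky path was reachable in production before being
    gated or fixed; a path that is still ungated counts up to `now`."""
    windows = [
        _hours(f.reachable_at, f.gated_at or now)
        for f in findings
        if f.reachable_at is not None
    ]
    return sum(windows) / len(windows) if windows else 0.0


def autonomous_fix_rate(findings) -> float:
    """Share of resolved findings that were fixed and validated without a human."""
    resolved = [f for f in findings if f.resolved_at is not None]
    if not resolved:
        return 0.0
    return sum(1 for f in resolved if f.autonomous) / len(resolved)


def loop_report(findings, merges, now: datetime) -> dict:
    """Bundle the metrics into one report for a dashboard or a merge gate."""
    return {
        "mttr_hours": mttr_hours(findings, now),
        "mttr_hours_resolved_only": mttr_hours(findings, now, include_open=False),
        "check_coverage": check_coverage(merges),
        "mean_reachable_window_hours": mean_reachable_window_hours(findings, now),
        "autonomous_fix_rate": autonomous_fix_rate(findings),
        "open_findings": sum(1 for f in findings if f.resolved_at is None),
        "unchecked_merges": [m.merge_id for m in merges if not m.checked],
    }


# Constructed sample log covering one day of an agentic pipeline (not real data).
T0 = datetime(2026, 6, 1, 9, 0)
NOW = T0 + timedelta(hours=12)
FINDINGS = [
    # reported at 09:00, reachable at 10:00, gated at 12:00, validated at 13:00, no human
    Finding("F-1", T0, T0 + timedelta(hours=1), T0 + timedelta(hours=3), T0 + timedelta(hours=4), True),
    # reported at 11:00, never shipped, fixed by a human and validated at 17:00
    Finding("F-2", T0 + timedelta(hours=2), None, None, T0 + timedelta(hours=8), False),
    # reported at 14:00, reachable since 15:00, still open and still reachable
    Finding("F-3", T0 + timedelta(hours=5), T0 + timedelta(hours=6), None, None, False),
]
MERGES = [Merge("M-1", True), Merge("M-2", True), Merge("M-3", False), Merge("M-4", True)]

if __name__ == "__main__":
    for key, value in loop_report(FINDINGS, MERGES, NOW).items():
        print(f"{key}: {value}")
```

The two MTTR variants matter in practice: the resolved-only figure is what a dashboard usually shows, while the figure that includes open findings is the one a gate should use, because an agent pipeline that never closes its findings would otherwise report a flattering MTTR. The unchecked merge list is the direct gap against the 100% coverage aim.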

Frontier models and a concrete example: Mythos and the Cline Kanban vulnerability

At Infosecurity Europe, Barzel cited the rise of powerful frontier models—he named Mythos—as a factor compressing the time from discovery to exploit, potentially to minutes. He also pointed to emerging, real-world agentic risks: in May 2026, a critical vulnerability was discovered in the Cline Kanban server that could allow threat actors to silently hijack AI coding tools. That example underscores his central claim: when agents can create and alter code at machine speed, the window for exploitation and damage narrows dramatically.

What this means for technologists and security teams, procurement leaders, and threat actors

  • Technologists and security teams: Barzel’s prescription places the onus on engineering and security operations to build or adopt security agents that run continuously with coding agents, ensuring every commit is checked and fixes are validated autonomously.
  • Procurement leaders and affected enterprises: Decisions about tooling and vendor integrations will need to account for new tool-chain risks—MCP servers, models, skills and SaaS connections—because these can be co‑opted into exfiltration or lateral movement, Barzel warned.
  • Threat actors: The combination of automated code generation at scale and a compressed exploitation window creates new opportunities: vulnerabilities such as the May 2026 Cline Kanban issue could be weaponized to hijack AI coding tools if defensive behaviors are not embedded inside those agents.

Barzel’s message at Infosecurity Europe was straightforward and narrow in scope: as coding becomes agentic and continuous, security must stop being an afterthought and start being a built-in behavior of the systems that create software. The proposal is operational—autonomous pentesting, continuous validation, and a shift of responsibility from a department to the system itself—and it rests on concrete metrics and examples. The immediate questions his remarks leave hanging are practical: how quickly can organizations implement the Auto‑Pentest Loop, which existing tools can be adapted for that role, and how will those changes alter who is accountable when an agentic pipeline fails? For now, Barzel and Ox Security have thrown down a technical gauntlet: in an era when models like Mythos can speed exploitation and when a May 2026 Cline Kanban flaw could silently hijack tools, embedding security into agents is no longer optional.

https://www.infosecurity-magazine.com/news/ai-coding-tools-security-agentic/