Security teams are racing to manage AI, MCP, and coding-agent risk in software development
A growing body of discussion centered on how AI coding agents, MCP servers, and agent histories create new software-security exposures. Researchers and practitioners warned that AI agents can access repositories, edit files, run commands, and touch secrets, which means normal IAM and RBAC may not be enough. New tools such as SecureAI-Scan, agentsweep, and other open-source projects are trying to detect prompt injection, scan agent histories for secrets, and generate AI bill-of-materials style inventories. Other writeups showed Cursor and similar tools being vulnerable to poisoned repository attacks or auto-executing malicious code from cloned repos. This matters because the SDLC is becoming more automated while also more opaque, and security teams need traceability for what agents saw and changed. The main shift is from 'did the code compile' to 'what did the agent access and why did it do that.'
Sources
- SecureAI-Scan v0.3.0: Local CLI scanner for AI/LLM security issues (prompt injection, MCP, RAG) — /r/cybersecurity
- Every AI coding agent writes the secrets you paste straight to a plaintext history file — and nobody scans it — /r/cybersecurity
- Are AI coding agents becoming a new security risk inside engineering teams? — /r/cybersecurity
- Cursor IDE Auto-Executes Malicious Code in Poisoned Repos — Dark Reading
- Technical analysis of wp2shell: The latest WordPress Core pre-auth RCE chain — /r/cybersecurity


Leave a Reply