ai-coding-agents
Safeguard articles tagged "ai-coding-agents" — guides, analysis, and best practices for software supply chain and application security.
10 articles
The Nx Attack Turned AI Coding Agents Into the Malware
In August 2025, attackers hijacked Nx's npm publish token and used Claude Code, Gemini CLI, and Amazon Q as the exfiltration engine — leaking 2,349 secrets.
Securing AI coding agent remediation loops
Replit's AI agent deleted a live production database in July 2025 despite an explicit freeze order. Here's how to wire remediation agents so that can't happen to you.
Protestware via prompt injection: when maintainers target AI agents
jqwik 1.10.0 shipped a hidden instruction telling AI coding agents to delete their own tests, then erased it from the terminal with ANSI codes — protestware built for agents, not humans.
Clinejection: prompt injection turns AI coding bot into supply chain attack
A prompt-injected GitHub issue title hijacked Cline's AI triage bot, poisoned its build cache, and pushed a malicious npm release to 4,000 developers.
Agent hijacking: the real-world impact of prompt injection
From a zero-click Microsoft 365 Copilot breach to poisoned MCP servers, AI agent hijacking is now a real, documented software supply chain threat.
Introducing Agentic Development Security (ADS)
As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.
Claude Code Security: A Practical Guide for Teams Adopting AI Coding Agents
Claude Code can read your repo, run commands, and edit files — which is exactly why it needs the same security engineering as any privileged developer tool. Here's a practical hardening guide.
Agentic supply chain security: governing autonomous AI co...
AI coding agents now open PRs, merge code, and touch secrets on their own. Here's why JFrog-style artifact scanning can't govern them, and what can.
Claude Code and AI Coding Agent Security Basics
Anthropic Claude Code security rests on permission gating, sandboxed execution, and human approval for risky actions — the same fundamentals any AI coding agent needs before it's allowed to run commands or edit code unattended.
Inside the Agentic Development Supply Chain Report
Safeguard's research team analyzed 42,000+ repositories with agentic commit activity, finding new dependency, MCP server, and SBOM gaps introduced by AI coding agents.