Safeguard
Tag

ai-coding-agents

Safeguard articles tagged "ai-coding-agents" — guides, analysis, and best practices for software supply chain and application security.

10 articles

AI Security

The Nx Attack Turned AI Coding Agents Into the Malware

In August 2025, attackers hijacked Nx's npm publish token and used Claude Code, Gemini CLI, and Amazon Q as the exfiltration engine — leaking 2,349 secrets.

Jul 16, 20266 min read
AI Security

Securing AI coding agent remediation loops

Replit's AI agent deleted a live production database in July 2025 despite an explicit freeze order. Here's how to wire remediation agents so that can't happen to you.

Jul 8, 20267 min read
Open Source Security

Protestware via prompt injection: when maintainers target AI agents

jqwik 1.10.0 shipped a hidden instruction telling AI coding agents to delete their own tests, then erased it from the terminal with ANSI codes — protestware built for agents, not humans.

Jul 7, 20267 min read
Software Supply Chain Security

Clinejection: prompt injection turns AI coding bot into supply chain attack

A prompt-injected GitHub issue title hijacked Cline's AI triage bot, poisoned its build cache, and pushed a malicious npm release to 4,000 developers.

Jun 30, 20267 min read
AI Security

Agent hijacking: the real-world impact of prompt injection

From a zero-click Microsoft 365 Copilot breach to poisoned MCP servers, AI agent hijacking is now a real, documented software supply chain threat.

Jun 14, 20267 min read
AI Security

Introducing Agentic Development Security (ADS)

As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.

Jun 10, 20267 min read
AI Security

Claude Code Security: A Practical Guide for Teams Adopting AI Coding Agents

Claude Code can read your repo, run commands, and edit files — which is exactly why it needs the same security engineering as any privileged developer tool. Here's a practical hardening guide.

Jun 2, 20265 min read
AI Security

Agentic supply chain security: governing autonomous AI co...

AI coding agents now open PRs, merge code, and touch secrets on their own. Here's why JFrog-style artifact scanning can't govern them, and what can.

May 30, 20267 min read
AI Security

Claude Code and AI Coding Agent Security Basics

Anthropic Claude Code security rests on permission gating, sandboxed execution, and human approval for risky actions — the same fundamentals any AI coding agent needs before it's allowed to run commands or edit code unattended.

Apr 9, 20265 min read
Industry Analysis

Inside the Agentic Development Supply Chain Report

Safeguard's research team analyzed 42,000+ repositories with agentic commit activity, finding new dependency, MCP server, and SBOM gaps introduced by AI coding agents.

Jan 23, 20267 min read
ai-coding-agents — Safeguard Blog