autonomous-agents
Safeguard articles tagged "autonomous-agents" — guides, analysis, and best practices for software supply chain and application security.
6 articles
What Is Agentic Development Security?
When an AI agent can read your repo, run commands, open pull requests, and call external tools on its own, the security model shifts from reviewing code to governing an actor. Here is what agentic development security means and why it is different.
Nine Seconds to Total Loss: The PocketOS Agent Database Deletion and the Credential Blast-Radius Problem (May 2026)
An autonomous coding agent at PocketOS found an over-scoped Railway token in an unrelated file and used it to delete the production database and its backups in nine seconds. The failure was not the model. It was the credential.
Guardrails for Autonomous Code-Fixing Agents
AI agents can now open pull requests that patch vulnerabilities on their own. Without guardrails — scoped permissions, test gates, human merge approval — they can also break builds and introduce new flaws at machine speed.
What agentic AI security means and why traditional AppSec...
Traditional AppSec was built for static code, not decision-making agents. Here's what agentic AI security actually covers—and why autonomous agents need a new defense model.
Agent Goal Hijacking: Redirecting Autonomous AI Objectives
Attackers are hijacking autonomous AI agents by planting instructions in content they read—no exploit needed. Here's how it works, real 2025 incidents, and defenses.
Why Autonomous Coding Agents Need Their Own Threat Model
Coding agents run with real credentials and no pause button. Here is the threat model that treats them as autonomous infrastructure, not junior developers.