Adopt Agentic AI in Software Development FAST! (Spoiler: You Probably Shouldn't.)
Do you ever get the feeling as a cybersecurity professional that right now, everyone is entering hyperdrive on agentic AI, when maybe it’s time to go slow and reflect? Well, what many of us have been seeing in our AI security crystal balls is now suddenly reality.
On Friday, the 14th of November, Anthropic (one of the world's most well-known vendors for LLMs, thanks to its popular Claude Code tool) released a groundbreaking paper on a cyber incident they observed in September 2025, that targeted everyone from large tech companies, financial institutions, and chemical manufacturing companies, to government agencies.
So, what’s all the fuss about, and what makes this so concerning? In layman's terms, a highly advanced threat actor (allegedly a nation-state) used Claude Code and a range of tools in the developer environment, leveraging Model Context Protocol (MCP) systems, to almost autonomously, at scale, use benign open-source hacking tools to target carefully selected companies. There were over 30 attempted attacks; several were successful, proving that AI agents could indeed execute devastating breaches with very little human intervention.
Last month, GlassWorm, a first self-propagating worm targeting VS Code extensions, was identified by Koi Security. While the latter is not a new attack vector, there is a new wave of coding extensions (including MCP servers) that, at first glance, have benign functionality, but under the hood host a range of malicious activities that could compromise a developer’s endpoint quickly.
Maybe it’s time we slowed down, took a deep breath, and put our heads together to work out how best to defend against this new threat profile.
Securing systems against high-velocity AI agents
The recent paper by Anthropic highlights a potent new threat, one that confirms the long-held fears of many in the security community, by showing how AI can dramatically accelerate and amplify distributed risk. This development gives malicious actors further advantage, which is maddening considering the head start they already have over burnt-out, stretched security personnel managing the tech sprawl in the average enterprise.
In essence, state-sponsored attackers managed to "jailbreak" the Claude Code model. They successfully tricked the AI into circumventing its sophisticated security protocols to execute hostile operations. Once compromised, the rogue AI agent, utilizing its MCP access, rapidly infiltrated various corporate systems and tools. It located and pinpointed highly sensitive databases within the target organizations in a timeframe that would be impossible for even the most advanced human hacking collectives.
This breach unleashed a terrifying cascade of actions: comprehensive vulnerability testing, the automated generation of malicious code, and even the self-documentation of the attack, complete with system scan logs and the Personally Identifiable Information (PII) it successfully nabbed.
For security veterans, this is a genuine nightmare scenario. How can human teams possibly match the sheer speed and destructive capability of an attack vector powered by this kind of AI?
A developer’s endpoint and this new AI ecosystem offer new attack vectors
Every developer prefers their own IDE, whether it's the classic VSCode, JetBrains’ IntelliJ or Eclipse, or the newer Cline, Windsurf or Cursor, and most of these have App marketplaces offering extensions to download and install. These extensions are rarely scrutinized for malicious activity, typically ship over-permissioned and have access to a sandboxed environment where they can access files.
These environments are now all integrating AI capabilities, AI agents and a range of new tools these agents can use (MCP servers, for example). Often, these are all published through marketplaces where any developer can release their new tools. And yes, you guessed it, these MCP servers can often read, write and execute commands on a system all through an AI environment that is most likely vulnerable to prompt injections. What possibly could go wrong?
The non-negotiable need for AI tool traceability and observability
It’s all at once complex yet simple: If a CISO has no idea which developers are using which AI tools, what code is being committed, or which repositories are augmented by human-AI collaboration, then a huge dataset is missing, and observability needs to improve yesterday.
The rapid integration of AI coding assistants and MCP servers, now leveraged by a vast majority of developers, has created a critical security blind spot within the SDLC. The data is alarming: up to 50% of functionally correct LLM-generated code has been found to contain security bugs, yet without proper observability, CISOs and AppSec teams lack actionable insight into the sheer volume and sources of this high-risk code being introduced. This critical lack of traceability renders effective AI governance in the form of policy enforcement and risk mitigation functionally impossible.
To safely maximize the immense productivity gains offered by AI, organizations must mandate solutions that provide complete, deep visibility into the AI attack surface. Secure Code Warrior has SCW Trust Agent: AI in closed beta with a select number of our customers. This capability provides deep observability by actively monitoring AI-generated code traffic (including MCP servers) in real-time on the developer’s local machine, and IDE tracking it through pull requests and commits to actual software repositories. Accurate security traceability is achieved only by correlating three vital signals: the specific AI coding tool and LLM model used, the targeted code repository, and, most critically, the contributing developer's measured secure coding proficiency.
Only by establishing this verifiable chain of correlation can an organization accurately benchmark the actual security risk being introduced, automate robust policy enforcement, and ensure that AI-enabled developers meet mandatory secure coding standards before their contributions successfully bypass existing guardrails.
Get in touch with us if you’d like to know more or see a demo of supercharged AI governance in action, or just send a message to join the beta program.
Is the cybersecurity world moving too fast on agentic AI? The future of AI security is here, and it's time for experts to move from reflection to reality.
Chief Executive Officer, Chairman, and Co-Founder
Secure Code Warrior est là pour aider votre organisation à sécuriser le code tout au long du cycle de développement logiciel et à créer une culture dans laquelle la cybersécurité est une priorité. Que vous soyez responsable de la sécurité des applications, développeur, responsable de la sécurité informatique ou toute autre personne impliquée dans la sécurité, nous pouvons aider votre organisation à réduire les risques associés à un code non sécurisé.
Réservez une démo
Chief Executive Officer, Chairman, and Co-Founder
Pieter Danhieux is a globally recognized security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.
Do you ever get the feeling as a cybersecurity professional that right now, everyone is entering hyperdrive on agentic AI, when maybe it’s time to go slow and reflect? Well, what many of us have been seeing in our AI security crystal balls is now suddenly reality.
On Friday, the 14th of November, Anthropic (one of the world's most well-known vendors for LLMs, thanks to its popular Claude Code tool) released a groundbreaking paper on a cyber incident they observed in September 2025, that targeted everyone from large tech companies, financial institutions, and chemical manufacturing companies, to government agencies.
So, what’s all the fuss about, and what makes this so concerning? In layman's terms, a highly advanced threat actor (allegedly a nation-state) used Claude Code and a range of tools in the developer environment, leveraging Model Context Protocol (MCP) systems, to almost autonomously, at scale, use benign open-source hacking tools to target carefully selected companies. There were over 30 attempted attacks; several were successful, proving that AI agents could indeed execute devastating breaches with very little human intervention.
Last month, GlassWorm, a first self-propagating worm targeting VS Code extensions, was identified by Koi Security. While the latter is not a new attack vector, there is a new wave of coding extensions (including MCP servers) that, at first glance, have benign functionality, but under the hood host a range of malicious activities that could compromise a developer’s endpoint quickly.
Maybe it’s time we slowed down, took a deep breath, and put our heads together to work out how best to defend against this new threat profile.
Securing systems against high-velocity AI agents
The recent paper by Anthropic highlights a potent new threat, one that confirms the long-held fears of many in the security community, by showing how AI can dramatically accelerate and amplify distributed risk. This development gives malicious actors further advantage, which is maddening considering the head start they already have over burnt-out, stretched security personnel managing the tech sprawl in the average enterprise.
In essence, state-sponsored attackers managed to "jailbreak" the Claude Code model. They successfully tricked the AI into circumventing its sophisticated security protocols to execute hostile operations. Once compromised, the rogue AI agent, utilizing its MCP access, rapidly infiltrated various corporate systems and tools. It located and pinpointed highly sensitive databases within the target organizations in a timeframe that would be impossible for even the most advanced human hacking collectives.
This breach unleashed a terrifying cascade of actions: comprehensive vulnerability testing, the automated generation of malicious code, and even the self-documentation of the attack, complete with system scan logs and the Personally Identifiable Information (PII) it successfully nabbed.
For security veterans, this is a genuine nightmare scenario. How can human teams possibly match the sheer speed and destructive capability of an attack vector powered by this kind of AI?
A developer’s endpoint and this new AI ecosystem offer new attack vectors
Every developer prefers their own IDE, whether it's the classic VSCode, JetBrains’ IntelliJ or Eclipse, or the newer Cline, Windsurf or Cursor, and most of these have App marketplaces offering extensions to download and install. These extensions are rarely scrutinized for malicious activity, typically ship over-permissioned and have access to a sandboxed environment where they can access files.
These environments are now all integrating AI capabilities, AI agents and a range of new tools these agents can use (MCP servers, for example). Often, these are all published through marketplaces where any developer can release their new tools. And yes, you guessed it, these MCP servers can often read, write and execute commands on a system all through an AI environment that is most likely vulnerable to prompt injections. What possibly could go wrong?
The non-negotiable need for AI tool traceability and observability
It’s all at once complex yet simple: If a CISO has no idea which developers are using which AI tools, what code is being committed, or which repositories are augmented by human-AI collaboration, then a huge dataset is missing, and observability needs to improve yesterday.
The rapid integration of AI coding assistants and MCP servers, now leveraged by a vast majority of developers, has created a critical security blind spot within the SDLC. The data is alarming: up to 50% of functionally correct LLM-generated code has been found to contain security bugs, yet without proper observability, CISOs and AppSec teams lack actionable insight into the sheer volume and sources of this high-risk code being introduced. This critical lack of traceability renders effective AI governance in the form of policy enforcement and risk mitigation functionally impossible.
To safely maximize the immense productivity gains offered by AI, organizations must mandate solutions that provide complete, deep visibility into the AI attack surface. Secure Code Warrior has SCW Trust Agent: AI in closed beta with a select number of our customers. This capability provides deep observability by actively monitoring AI-generated code traffic (including MCP servers) in real-time on the developer’s local machine, and IDE tracking it through pull requests and commits to actual software repositories. Accurate security traceability is achieved only by correlating three vital signals: the specific AI coding tool and LLM model used, the targeted code repository, and, most critically, the contributing developer's measured secure coding proficiency.
Only by establishing this verifiable chain of correlation can an organization accurately benchmark the actual security risk being introduced, automate robust policy enforcement, and ensure that AI-enabled developers meet mandatory secure coding standards before their contributions successfully bypass existing guardrails.
Get in touch with us if you’d like to know more or see a demo of supercharged AI governance in action, or just send a message to join the beta program.
Do you ever get the feeling as a cybersecurity professional that right now, everyone is entering hyperdrive on agentic AI, when maybe it’s time to go slow and reflect? Well, what many of us have been seeing in our AI security crystal balls is now suddenly reality.
On Friday, the 14th of November, Anthropic (one of the world's most well-known vendors for LLMs, thanks to its popular Claude Code tool) released a groundbreaking paper on a cyber incident they observed in September 2025, that targeted everyone from large tech companies, financial institutions, and chemical manufacturing companies, to government agencies.
So, what’s all the fuss about, and what makes this so concerning? In layman's terms, a highly advanced threat actor (allegedly a nation-state) used Claude Code and a range of tools in the developer environment, leveraging Model Context Protocol (MCP) systems, to almost autonomously, at scale, use benign open-source hacking tools to target carefully selected companies. There were over 30 attempted attacks; several were successful, proving that AI agents could indeed execute devastating breaches with very little human intervention.
Last month, GlassWorm, a first self-propagating worm targeting VS Code extensions, was identified by Koi Security. While the latter is not a new attack vector, there is a new wave of coding extensions (including MCP servers) that, at first glance, have benign functionality, but under the hood host a range of malicious activities that could compromise a developer’s endpoint quickly.
Maybe it’s time we slowed down, took a deep breath, and put our heads together to work out how best to defend against this new threat profile.
Securing systems against high-velocity AI agents
The recent paper by Anthropic highlights a potent new threat, one that confirms the long-held fears of many in the security community, by showing how AI can dramatically accelerate and amplify distributed risk. This development gives malicious actors further advantage, which is maddening considering the head start they already have over burnt-out, stretched security personnel managing the tech sprawl in the average enterprise.
In essence, state-sponsored attackers managed to "jailbreak" the Claude Code model. They successfully tricked the AI into circumventing its sophisticated security protocols to execute hostile operations. Once compromised, the rogue AI agent, utilizing its MCP access, rapidly infiltrated various corporate systems and tools. It located and pinpointed highly sensitive databases within the target organizations in a timeframe that would be impossible for even the most advanced human hacking collectives.
This breach unleashed a terrifying cascade of actions: comprehensive vulnerability testing, the automated generation of malicious code, and even the self-documentation of the attack, complete with system scan logs and the Personally Identifiable Information (PII) it successfully nabbed.
For security veterans, this is a genuine nightmare scenario. How can human teams possibly match the sheer speed and destructive capability of an attack vector powered by this kind of AI?
A developer’s endpoint and this new AI ecosystem offer new attack vectors
Every developer prefers their own IDE, whether it's the classic VSCode, JetBrains’ IntelliJ or Eclipse, or the newer Cline, Windsurf or Cursor, and most of these have App marketplaces offering extensions to download and install. These extensions are rarely scrutinized for malicious activity, typically ship over-permissioned and have access to a sandboxed environment where they can access files.
These environments are now all integrating AI capabilities, AI agents and a range of new tools these agents can use (MCP servers, for example). Often, these are all published through marketplaces where any developer can release their new tools. And yes, you guessed it, these MCP servers can often read, write and execute commands on a system all through an AI environment that is most likely vulnerable to prompt injections. What possibly could go wrong?
The non-negotiable need for AI tool traceability and observability
It’s all at once complex yet simple: If a CISO has no idea which developers are using which AI tools, what code is being committed, or which repositories are augmented by human-AI collaboration, then a huge dataset is missing, and observability needs to improve yesterday.
The rapid integration of AI coding assistants and MCP servers, now leveraged by a vast majority of developers, has created a critical security blind spot within the SDLC. The data is alarming: up to 50% of functionally correct LLM-generated code has been found to contain security bugs, yet without proper observability, CISOs and AppSec teams lack actionable insight into the sheer volume and sources of this high-risk code being introduced. This critical lack of traceability renders effective AI governance in the form of policy enforcement and risk mitigation functionally impossible.
To safely maximize the immense productivity gains offered by AI, organizations must mandate solutions that provide complete, deep visibility into the AI attack surface. Secure Code Warrior has SCW Trust Agent: AI in closed beta with a select number of our customers. This capability provides deep observability by actively monitoring AI-generated code traffic (including MCP servers) in real-time on the developer’s local machine, and IDE tracking it through pull requests and commits to actual software repositories. Accurate security traceability is achieved only by correlating three vital signals: the specific AI coding tool and LLM model used, the targeted code repository, and, most critically, the contributing developer's measured secure coding proficiency.
Only by establishing this verifiable chain of correlation can an organization accurately benchmark the actual security risk being introduced, automate robust policy enforcement, and ensure that AI-enabled developers meet mandatory secure coding standards before their contributions successfully bypass existing guardrails.
Get in touch with us if you’d like to know more or see a demo of supercharged AI governance in action, or just send a message to join the beta program.
Cliquez sur le lien ci-dessous et téléchargez le PDF de cette ressource.
Secure Code Warrior est là pour aider votre organisation à sécuriser le code tout au long du cycle de développement logiciel et à créer une culture dans laquelle la cybersécurité est une priorité. Que vous soyez responsable de la sécurité des applications, développeur, responsable de la sécurité informatique ou toute autre personne impliquée dans la sécurité, nous pouvons aider votre organisation à réduire les risques associés à un code non sécurisé.
Afficher le rapportRéservez une démo
Chief Executive Officer, Chairman, and Co-Founder
Pieter Danhieux is a globally recognized security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.
Do you ever get the feeling as a cybersecurity professional that right now, everyone is entering hyperdrive on agentic AI, when maybe it’s time to go slow and reflect? Well, what many of us have been seeing in our AI security crystal balls is now suddenly reality.
On Friday, the 14th of November, Anthropic (one of the world's most well-known vendors for LLMs, thanks to its popular Claude Code tool) released a groundbreaking paper on a cyber incident they observed in September 2025, that targeted everyone from large tech companies, financial institutions, and chemical manufacturing companies, to government agencies.
So, what’s all the fuss about, and what makes this so concerning? In layman's terms, a highly advanced threat actor (allegedly a nation-state) used Claude Code and a range of tools in the developer environment, leveraging Model Context Protocol (MCP) systems, to almost autonomously, at scale, use benign open-source hacking tools to target carefully selected companies. There were over 30 attempted attacks; several were successful, proving that AI agents could indeed execute devastating breaches with very little human intervention.
Last month, GlassWorm, a first self-propagating worm targeting VS Code extensions, was identified by Koi Security. While the latter is not a new attack vector, there is a new wave of coding extensions (including MCP servers) that, at first glance, have benign functionality, but under the hood host a range of malicious activities that could compromise a developer’s endpoint quickly.
Maybe it’s time we slowed down, took a deep breath, and put our heads together to work out how best to defend against this new threat profile.
Securing systems against high-velocity AI agents
The recent paper by Anthropic highlights a potent new threat, one that confirms the long-held fears of many in the security community, by showing how AI can dramatically accelerate and amplify distributed risk. This development gives malicious actors further advantage, which is maddening considering the head start they already have over burnt-out, stretched security personnel managing the tech sprawl in the average enterprise.
In essence, state-sponsored attackers managed to "jailbreak" the Claude Code model. They successfully tricked the AI into circumventing its sophisticated security protocols to execute hostile operations. Once compromised, the rogue AI agent, utilizing its MCP access, rapidly infiltrated various corporate systems and tools. It located and pinpointed highly sensitive databases within the target organizations in a timeframe that would be impossible for even the most advanced human hacking collectives.
This breach unleashed a terrifying cascade of actions: comprehensive vulnerability testing, the automated generation of malicious code, and even the self-documentation of the attack, complete with system scan logs and the Personally Identifiable Information (PII) it successfully nabbed.
For security veterans, this is a genuine nightmare scenario. How can human teams possibly match the sheer speed and destructive capability of an attack vector powered by this kind of AI?
A developer’s endpoint and this new AI ecosystem offer new attack vectors
Every developer prefers their own IDE, whether it's the classic VSCode, JetBrains’ IntelliJ or Eclipse, or the newer Cline, Windsurf or Cursor, and most of these have App marketplaces offering extensions to download and install. These extensions are rarely scrutinized for malicious activity, typically ship over-permissioned and have access to a sandboxed environment where they can access files.
These environments are now all integrating AI capabilities, AI agents and a range of new tools these agents can use (MCP servers, for example). Often, these are all published through marketplaces where any developer can release their new tools. And yes, you guessed it, these MCP servers can often read, write and execute commands on a system all through an AI environment that is most likely vulnerable to prompt injections. What possibly could go wrong?
The non-negotiable need for AI tool traceability and observability
It’s all at once complex yet simple: If a CISO has no idea which developers are using which AI tools, what code is being committed, or which repositories are augmented by human-AI collaboration, then a huge dataset is missing, and observability needs to improve yesterday.
The rapid integration of AI coding assistants and MCP servers, now leveraged by a vast majority of developers, has created a critical security blind spot within the SDLC. The data is alarming: up to 50% of functionally correct LLM-generated code has been found to contain security bugs, yet without proper observability, CISOs and AppSec teams lack actionable insight into the sheer volume and sources of this high-risk code being introduced. This critical lack of traceability renders effective AI governance in the form of policy enforcement and risk mitigation functionally impossible.
To safely maximize the immense productivity gains offered by AI, organizations must mandate solutions that provide complete, deep visibility into the AI attack surface. Secure Code Warrior has SCW Trust Agent: AI in closed beta with a select number of our customers. This capability provides deep observability by actively monitoring AI-generated code traffic (including MCP servers) in real-time on the developer’s local machine, and IDE tracking it through pull requests and commits to actual software repositories. Accurate security traceability is achieved only by correlating three vital signals: the specific AI coding tool and LLM model used, the targeted code repository, and, most critically, the contributing developer's measured secure coding proficiency.
Only by establishing this verifiable chain of correlation can an organization accurately benchmark the actual security risk being introduced, automate robust policy enforcement, and ensure that AI-enabled developers meet mandatory secure coding standards before their contributions successfully bypass existing guardrails.
Get in touch with us if you’d like to know more or see a demo of supercharged AI governance in action, or just send a message to join the beta program.
Table des matières
Chief Executive Officer, Chairman, and Co-Founder
Secure Code Warrior est là pour aider votre organisation à sécuriser le code tout au long du cycle de développement logiciel et à créer une culture dans laquelle la cybersécurité est une priorité. Que vous soyez responsable de la sécurité des applications, développeur, responsable de la sécurité informatique ou toute autre personne impliquée dans la sécurité, nous pouvons aider votre organisation à réduire les risques associés à un code non sécurisé.
Réservez une démoTéléchargerRessources pour vous aider à démarrer
Sujets et contenus de formation sur le code sécurisé
Notre contenu de pointe évolue constamment pour s'adapter à l'évolution constante du paysage du développement de logiciels tout en tenant compte de votre rôle. Des sujets couvrant tout, de l'IA à l'injection XQuery, proposés pour une variété de postes, allant des architectes aux ingénieurs en passant par les chefs de produit et l'assurance qualité. Découvrez un aperçu de ce que notre catalogue de contenu a à offrir par sujet et par rôle.
%20(1).avif)
.avif)
Threat Modeling with AI: Turning Every Developer into a Threat Modeler
Walk away better equipped to help developers combine threat modeling ideas and techniques with the AI tools they're already using to strengthen security, improve collaboration, and build more resilient software from the start.
Ressources pour vous aider à démarrer
Cybermon est de retour : les missions d'IA Beat the Boss sont désormais disponibles à la demande
Cybermon 2025 Beat the Boss est désormais disponible toute l'année dans SCW. Déployez des défis de sécurité avancés liés à l'IA et au LLM pour renforcer le développement sécurisé de l'IA à grande échelle.
Explication de la loi sur la cyberrésilience : ce que cela signifie pour le développement de logiciels sécurisés dès la conception
Découvrez ce que la loi européenne sur la cyberrésilience (CRA) exige, à qui elle s'applique et comment les équipes d'ingénieurs peuvent se préparer grâce à des pratiques de sécurité dès la conception, à la prévention des vulnérabilités et au renforcement des capacités des développeurs.
Facilitateur 1 : Critères de réussite définis et mesurables
Enabler 1 donne le coup d'envoi de notre série en 10 parties intitulée Enablers of Success en montrant comment associer le codage sécurisé à des résultats commerciaux tels que la réduction des risques et la rapidité pour assurer la maturité à long terme des programmes.
