AI coding agents are installing packages no one owns
AI coding agents are increasingly installing software packages without clear accountability, exposing organizations to security risks. Aikido Security aims to address this issue by providing tools that monitor and secure package installations. The lack of defined ownership over AI agent actions is a growing concern for security teams across various industries.
- ▪Willem Delbare of Aikido Security highlights the accountability gap in AI package installations.
- ▪Aikido Endpoint offers real-time monitoring and policy enforcement to secure AI-native software development workflows.
- ▪The AI security landscape includes various companies like Socket and Endor Labs, each addressing different aspects of package security.
Opening excerpt (first ~120 words) tap to expand
“There is no accountability.” It’s how Willem Delbare, co-founder, CTO, and CEO of Aikido Security, describes to The New Stack situations in which an AI agent installs a package and nobody has decided who should be responsible for it. It exposes enterprises to all manner of attacks as people across the org — marketing, sales, product — use AI. At most companies right now, no one has made the decision, and no one owns the risk. There’s a gap that has opened up, allowing attacks to slip through, Delbare says. That is the gap Delbare says his Aikido Security is trying to close. As AI coding agents like Claude Code, GitHub Copilot, and Cursor increasingly pull packages, add dependencies, and install tools autonomously, security teams are flying blind.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at The New Stack.
Discussion
0 commentsMore from The New Stack
