CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 05, 2026

Infosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development Era

Infosecurity Magazine Archived Jun 05, 2026 ✓ Full text saved

Ox Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risks

Full text archived locally
✦ AI Summary · Claude Sonnet


    Security must be embedded directly into AI coding tools to mitigate emerging risks associated with agentic development, Ox Security has claimed. Speaking at Infosecurity Europe on June 4, the vendor’s field CTO, Boaz Barzel, explained that traditional application security was built for human-paced delivery. That meant pen testing at the end of the monthly delivery cycle. However, AI agents now enable hundreds of code changes per day in a continuous cycle, meaning security can no longer be a bolt-on, Barzel argued. “The idea is that security isn’t a stage in the pipeline; it’s a property of the act of creation itself,” he told attendees. “We’re trying to shift left, but there’s no longer ‘left’ left to shift to. We have to shift into the agent.” Read more on agentic security risk: Threat Actor Uses AI to Build EDR Evasion Tools. AI agents introduce four distinct attack surfaces that traditional tools are not equipped to handle, Barzel explained: Input: Any instructions (eg prompts, guidelines, protocols) entering the agent – be they from developers, upstream agents or threat actors Tools: MCP servers, models, skills and external SaaS connections (shadow and authorized) which could be weaponized to exfiltrate data, inject instructions or pivot laterally Execution: Both human-triggered and autonomous agents running without visibility, enforcement or accountability Output: Vulnerable or destructive code leaving the agent (eg path traversal, injection, backdoors, exfiltration logic) at machine speed without human review These challenges are compounded by the collapse of the exploitation window thanks to powerful frontier models like Mythos, which could reduce time-to-exploit to minutes. And by the sheer volume of code that AI tools can generate. Understanding the Auto-Pentest Loop To make appsec fit for the agentic AI era, it must be embedded in the building loop, contextual and operating continuously, said Barzel. This means security agents working alongside coding agents, with every commit pentested and every fix reviewed and validated autonomously. The system reasons about what has changed, what is exposed and what risk it introduced, so that it is predictive, not reactive, he explained. “In this case, security stops being a department. It becomes a behavior of the system,” Barzel added. The aim is for: Mean time to resolve (MTTR) vulnerabilities to fall from weeks to hours 100% coverage of autonomous security checks for merged changes Reduction in the time a known risky path is reachable in production before being gated or fixed Most issues to be autonomously fixed and validated, with humans only needed to assess more complex or novel issues New agentic coding risks are being uncovered on a regular basis. For example, in May 2026, a critical vulnerability was discovered in the Cline Kanban server which could allow threat actors to silently hijack AI coding tools.
    💬 Team Notes
    Article Info
    Source
    Infosecurity Magazine
    Category
    ◇ Industry News & Leadership
    Published
    Jun 05, 2026
    Archived
    Jun 05, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗