Security must be embedded in AI coding agents, not added after, says Ox Security

AI coding tools generating hundreds of changes daily need security built into the creation process, not bolted on at the end. Ox Security's Boaz Barzel told Infosecurity Europe that monthly pen-testing cycles can't keep pace with autonomous agents.

Published on: Jun 05, 2026

AI Coding Tools Must Embed Security to Handle Autonomous Agent Risks

Security cannot remain a final checkpoint in software delivery if AI agents are generating hundreds of code changes daily. Ox Security's field CTO, Boaz Barzel, told attendees at Infosecurity Europe on June 4 that traditional application security, built around monthly pen-testing cycles, no longer fits the speed of agentic development.

"Security isn't a stage in the pipeline; it's a property of the act of creation itself," Barzel said. "We have to shift into the agent."

Four New Attack Surfaces

AI agents create four distinct entry points that existing security tools don't address:

  • Input: Instructions entering the agent from developers, upstream agents, or threat actors
  • Tools: MCP servers, models, skills, and external SaaS connections (authorized or shadow) that could be weaponized to steal data, inject instructions, or move laterally
  • Execution: Autonomous agents running without visibility, enforcement, or accountability
  • Output: Vulnerable or destructive code generated at machine speed without human review: path traversal, injection attacks, backdoors, data exfiltration logic

The risk window is narrowing. Powerful frontier models could cut time-to-exploit, the gap from discovery to attack, to minutes. Combined with the volume of code AI tools generate, the scale of exposure has fundamentally changed.

Security as System Behavior

Barzel outlined an "auto-pentest loop" where security agents work alongside coding agents. Every commit gets tested. Every fix gets validated autonomously. The system reasons about what changed, what's exposed, and what risk it introduced.

"Security stops being a department. It becomes a behavior of the system," he said.

This approach aims for specific outcomes: mean time to resolve vulnerabilities dropping from weeks to hours, 100% autonomous coverage of merged changes, and most issues fixed without human intervention.

Real-World Vulnerabilities Emerging

New risks surface regularly. In May 2026, researchers discovered a critical vulnerability in the Cline Kanban server that could allow threat actors to silently hijack AI coding tools.

Development teams using AI coding tools and generative code systems should assess whether security checks run continuously during development, not just before deployment.

