Your AI coding agent has access to your secrets, pulls in content from the outside world, and can run shell commands. According to Joe Holdcroft, that combination makes you one prompt injection away from a very bad time. The tools haven't changed the fundamentals of security — they've just made every existing risk move faster, and introduced a few genuinely new ones. What we cover:
- Why the "lethal trifecta" of agent capabilities creates a novel threat surface
- How text and markdown files have become a new class of vulnerability
- Slopsquatting: the attack vector created when agents hallucinate package names that do not exist yet and attackers register them
- The context supply chain — and why it mirrors the early days of npm security
- What a "CBOM" (context bill of materials) might look like and why we may need one
- How to think about agent trust using the contractor mental model
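One guardrail for the slopsquatting vector listed above, added here as a worked example (it is not code from the episode, from Tessl or from Snyk): a pre-install gate that parses the `pip install` command an agent proposes, resolves each bare package name against registry metadata, and blocks names the registry does not know (likely hallucinated) or names that are a one- or two-character near-miss of a popular package (a plausible squat). The registry contents, the package names `requestss`, `flask-magicauth` and `tinyutil-xyz`, the popularity list and the download threshold are all constructed for the example; in production the lookup would be an authenticated call to the registry's JSON API.

```python
"""Pre-install gate for package names proposed by an AI coding agent (added example)."""
import re
import shlex
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class PackageMeta:
    name: str
    first_release: str  # ISO date, constructed for the example
    downloads_30d: int  # constructed for the example


# Constructed stand-in for registry metadata; not real PyPI data.
FAKE_REGISTRY = {
    "requests": PackageMeta("requests", "2011-02-14", 300_000_000),
    "flask": PackageMeta("flask", "2010-04-16", 90_000_000),
    "requestss": PackageMeta("requestss", "2025-06-01", 120),      # constructed squat of "requests"
    "tinyutil-xyz": PackageMeta("tinyutil-xyz", "2025-05-20", 40),  # constructed low-adoption package
}

# Names the check treats as squat targets (constructed list; real deployments would use download rank).
POPULAR = {"requests", "flask", "numpy", "pandas"}

# Options that consume the following token, so that token is not mistaken for a package name.
OPTIONS_WITH_ARG = {"-r", "--requirement", "-c", "--constraint", "-e", "--editable",
                    "-i", "--index-url", "--extra-index-url", "-f", "--find-links",
                    "-t", "--target"}

INSTALL_RE = re.compile(r"^\s*(?:pip3?|python -m pip|uv pip)\s+install\b")


def lookup(name: str) -> Optional[PackageMeta]:
    """Registry lookup against the constructed in-memory registry."""
    return FAKE_REGISTRY.get(name.lower())


def extract_packages(command: str) -> list[str]:
    """Return bare package names from a pip install command; empty if it is not one.

    Version specifiers and extras are stripped; local paths and VCS URLs are skipped
    because a name-based registry check does not apply to them.
    """
    if not INSTALL_RE.match(command):
        return []
    tokens = shlex.split(command)
    names: list[str] = []
    skip_next = False
    for tok in tokens[tokens.index("install") + 1:]:
        if skip_next:
            skip_next = False
            continue
        if tok in OPTIONS_WITH_ARG:
            skip_next = True
            continue
        if tok.startswith("-") or "/" in tok or tok == ".":
            continue
        name = re.split(r"[=<>!~;@\[]", tok, maxsplit=1)[0].strip().lower()
        if name:
            names.append(name)
    return names


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch one- or two-character near-misses of popular names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(name: str, registry: Callable[[str], Optional[PackageMeta]],
           popular: set[str] = POPULAR, min_downloads: int = 1000) -> tuple[str, str]:
    """Return (verdict, reason) for one package name. Verdicts: ALLOW, REVIEW, BLOCK."""
    meta = registry(name)
    if meta is None:
        return "BLOCK", f"{name!r} is not in the registry (likely hallucinated name)"
    if name in popular:
        return "ALLOW", f"{name!r} is an established package"
    nearest = min(popular, key=lambda p: levenshtein(name, p))
    if levenshtein(name, nearest) <= 2:
        return "BLOCK", f"{name!r} is a near-miss of popular package {nearest!r} (possible squat)"
    if meta.downloads_30d < min_downloads:
        return "REVIEW", f"{name!r} exists but has {meta.downloads_30d} downloads/30d; verify before installing"
    return "ALLOW", f"{name!r} exists with established adoption"


def gate(command: str, registry: Callable[[str], Optional[PackageMeta]] = lookup) -> dict[str, tuple[str, str]]:
    """Assess every package an agent-proposed install command would pull in."""
    return {name: assess(name, registry) for name in extract_packages(command)}


if __name__ == "__main__":
    # Constructed agent output: one real name, one squat, one hallucination, one obscure package.
    for pkg, (verdict, reason) in gate("pip install requests requestss flask-magicauth tinyutil-xyz").items():
        print(f"{verdict:6} {reason}")
```

Wire `gate` in front of the agent's shell tool so that any `BLOCK` aborts the command and any `REVIEW` requires a human to confirm; the agent never gets to run an install that the gate has not seen.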
Chapters:
00:00 Introduction
01:40 The Lethal Trifecta: why agents are inherently risky
03:23 Same hygiene, higher stakes
04:08 Text as a vulnerability: markdown as a security risk
06:08 Do AI tools make you more or less secure?
08:09 Snyk + Tessl: scanning skills in the registry
10:10 The context supply chain problem
14:28 The CBOM: do we need a context bill of materials?
17:35 Secrets, credentials, and principle of least privilege
22:25 Balancing security with developer velocity
36:54 One piece of advice for CTOs going all-in on AI
Links:
- 🌐 Tessl: https://tessl.io
- Subscribe for weekly episodes on AI-native development
If you're thinking about AI governance in your team, drop a comment — how are you handling context supply chain today?
Join the AI Native Dev Community on Discord: https://tessl.co/4ghikjh
Ask us questions: [email protected]
The AI Native Dev - from Copilot today to AI Native Software Development tomorrow, by Tessl, is available on several platforms. The information on this page comes from public podcast feeds.
