Productive ? Yes. Secure ? Well, that depends…

The hidden security trade-offs of unverified AI dependencies.
A timeline of Events
- Feb 2022 : Aqua Security discovered that by exploiting AI coding tools’ hallucinations while suggesting packages and downloading similar package name dependencies, hackers were making random malicious packages and publishing them on npm and PyPI which would then be downloaded as regular dependencies.
- June 2025 : ‘Camoleak’, a vulnerability in Github copilot, caused hidden instruction in PRs in public repositories to steal user’s data by generating a series of pixelated images.
- July 2025 : Replit’s AI coding assistant, despite ongoing code freeze, deletes records for 1,206 executives and nearly 1,200 companies. In another incident in the same month Github Copilot fell victim to an attack in which it executed malicious instructions hidden inside code repos, which upon reading activated the ‘auto approve’ or YOLO mode, allowing it to execute any command without any permissions on the user’s system.
- June 2026 : A severe vulnerability was found in Github that allowed attackers to steal your private data. Initially a hidden instruction, it utilised the fetch_webpage utility to access files outside of the user's local workspace.
Fast forward to today, I received my infosec training at my new workplace to understand phishing emails, physical security (shoulder surfing, badge access), password hygiene, and safe usage of company data.
A Random Movie Quote
In Top Gun: Maverick, where Tom Cruise’s character on his first day as instructor initially shows the trainees the F-18 Fighter jet manual for ‘standard operating procedures’ before throwing it in the trash, explaining that the enemy knows about it just as well as the trainees do.

Standard operating procedures only work if the environment is predictable.
The Era of AI coding Agents
Before the age of AI-companions, the skepticism with unknown code and binaries was very well understood, and hence reading and reviewing information before putting it anywhere near their codebase was the norm-well, most of the time. With the advent of coding agents, simply opening or reading a vulnerable repo or a file can trigger hidden instructions that are read and unintentionally executed by AI coding agents, exposing your and your organisation’s data to unintended users and systems over the internet, and that too in the blink of an eye.
While many vulnerabilities in AI coding agents and companions are being discovered and patched as soon as they are identified, many still lurk in the shadows. With the pressure currently being put on by company management to increase the efficiency and maximise output with AI, the developers are put into a standoff between productivity and security. They are under constant pressure to find a middle way, and with the outdated security and awareness regarding these threats, productivity and fast execution take over and win - well, most of the time.
Leaders must Lead
Company leadership must understand the risks while spending heavily on such tools, and should have regular open communication with middle management and developers. This saves them from the dilemma, that while things may seem fine for now, putting constant pressure towards increasing productivity can become counter productive in a moment, as even a single security incident can damage decades worth of reputation, trust, and brand value for a firm.
Quoting Alexander Pope, “a little learning is a dangerous thing”, organisations should provide training related to such tools before they apply mandates for the usage of AI coding tools and companions, so that both the advantages and risks associated with them are provided to individuals. This will help them not only in understanding the tools better, but also mitigating and avoiding any risks that may come along the way while working with them.
Devs: Execute and Communicate
As developers, we should always be transparent about our usage and dependence, as well as our efficiency with AI tools. Misquoting AI’s tools usage, and applied use case numbers to leadership just to ‘please’ them, and puts pressure on peers to escape ‘FOMO’ by blindly using tools in tasks without having enough appropriate knowledge.
We should always ensure while working that configuration rules for scripts, background shell commands and workspace edits always require human verification popups.
Whether summarising external code elements, branches, or README files, always verify their legitimacy first. Always review and supervise their work, make sure they ask for permission before executing tasks, and verify the approach before installing new dependencies in our code.

Shifting the developer’s role from code writer to supervisor.
Conclusion
AI coding tools are great, and words cannot describe how well they have integrated themselves in our workflows and helped in our productivity, turning days into hours, and hours to mere minutes. Powerful, Yes. Responsible ? That’s on us!

Navigating the delicate balance between high output and systemic risk.
Quoting Spider-Man “With great power comes great responsibility”. The fact that most of these incidents are mainly caused by haste, unsupervised and unverified approvals and minimal due diligence is more than enough to solidify our role as not a developer anymore, but more of a supervisor or reviewer, with the AI code companion being a junior or a protege under our command. And since we would not just hand out the responsibility of keys to sensitive company data to an inexperienced person no matter how much potential they hold, we should follow the same approach with AI coding agents as well.
Top comments (0)