AI coding agents such as Cursor, Claude Code, and GitHub Copilot run with your credentials inside your environment, so any token that is overprivileged or poorly scoped becomes the agent's blast radius. The article recounts an incident in which an agent deleted a production database in nine seconds using an unrelated, overprivileged API token it happened to inherit. The key risks it identifies are hardcoded secrets, production credentials present in development environments, MCP server configurations with secrets embedded in them, and the absence of approval gates for destructive operations. The practical mitigations are to audit the credential surface before running an agent, issue credentials through workload identity or a vault that mints short-lived dynamic credentials, scope every token to the minimum permissions the task needs, install pre-commit secret-scanning hooks, and never rely on prompt instructions as a security control, since a prompt can be overridden and a permission boundary cannot. A developer checklist covers the pre-run, during-run, CI/CD, and post-work phases.
Table of contents
Why Your AI Agent Is Probably a Security Risk Right Now
Start With What Your Agent Can Reach
Use Better Credential Patterns When the Agent Writes Code
Securing MCP Server Connections: The New Attack Surface
The Developer Checklist
Do Not Treat Prompt Rules as Security Controls
What's Coming: Agent Security Challenges on the Horizon
FAQs