StepSecurity has launched Developer MDM, a beta product designed to protect developer machines and AI coding agents from software supply chain attacks. The tool addresses a gap left by traditional EDR, SCA, and MDM solutions by providing supply chain-specific visibility directly on developer workstations. Key capabilities include IDE extension security for VSCode and Cursor, monitoring of locally installed npm and Python packages, cooldown policies for newly published packages, and visibility into AI agent tool usage including MCP servers. The announcement references real-world incidents like the Sha1-Hulud campaign, the Nx s1ngularity compromise, and the Trust Wallet breach to illustrate how developer machine compromises escalate into full release pipeline takeovers. The product deploys via a lightweight script through existing MDM/EDR infrastructure and is currently available in early access.
Table of contents
The New Attack Surface: Developer Machines and AI Coding AgentsWhy AI agents change the gameWhy this isn’t just EDR, SCA, or MDMReal-World Impact: Trust Wallet shows how a developer machine compromise becomes a release compromiseRecent incidents show how exposed the developer ecosystem isIntroducing StepSecurity Developer MDMStepSecurity Developer MDM Key CapabilitiesHow StepSecurity Developer MDM WorksComplete Coverage Across the Software Development LifecycleGet Early AccessConclusionSort: