AI coding agents inherit every traditional package-security risk, but they add and install dependencies faster than a human can review them, so a malicious package can be fetched and executed before anyone has looked at the change. That speed is what makes supply chain attacks against agents more dangerous than attacks against a developer working by hand. Key defenses: disable install scripts by default; enforce a dependency cooldown (refuse versions published less than 24-72 hours ago, so a hijacked release has time to be reported and pulled before the agent adopts it); run package installation in a sandbox with no access to credentials; restrict agents to allowlisted registries; pin dependencies and verify lockfile integrity hashes; require package provenance attestations; scope agent permissions to the task at hand; treat MCP server metadata as untrusted input, since the agent reads it like any other prompt; and monitor what dependencies actually do at runtime. For platform designers: separate the install phase from the execution phase; provision short-lived, narrowly scoped credentials; log a full dependency audit trail; and design for blast-radius containment so that a single compromised install can neither propagate to other tasks nor exfiltrate credentials.
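The registry-allowlist, pinning, cooldown and install-script defenses above, as an added example (not code from the original page): a Python pre-install gate that an agent platform could run over a proposed package-lock.json before the sandboxed install. The lockfile fragment, the publish times and the `npm.example-mirror.net` host are constructed; the single-host allowlist and the 48-hour cooldown are assumptions. The `hasInstallScript` flag is what npm's lockfile (lockfileVersion 2 and 3) records for packages with lifecycle scripts.

```python
"""Pre-install policy gate for dependency changes proposed by an AI coding agent.

Added example, not the original page's code. Evaluates a package-lock.json-style
lockfile against four defenses: allowlisted registries, pinned and
integrity-checked entries, a publication cooldown window, and a ban on install
scripts. Publish times normally come from the registry (`npm view <pkg> time`);
here they are a constructed table so the script runs offline.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

ALLOWED_REGISTRY_HOSTS = {"registry.npmjs.org"}  # assumption: public npm registry only
COOLDOWN = timedelta(hours=48)                    # assumption: middle of the 24-72h range
INSTALL_SCRIPT_ALLOWLIST = set()                  # packages permitted to run lifecycle scripts

# Constructed lockfile fragment in lockfileVersion 3 layout; hashes are placeholders.
LOCKFILE = {
    "packages": {
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
            "integrity": "sha512-CONSTRUCTED0",
        },
        "node_modules/fresh-util": {   # published an hour ago and declares a postinstall hook
            "version": "0.0.2",
            "resolved": "https://registry.npmjs.org/fresh-util/-/fresh-util-0.0.2.tgz",
            "integrity": "sha512-CONSTRUCTED1",
            "hasInstallScript": True,
        },
        "node_modules/internal-helper": {  # resolved from a registry not on the allowlist
            "version": "2.1.0",
            "resolved": "https://npm.example-mirror.net/internal-helper/-/internal-helper-2.1.0.tgz",
            "integrity": "sha512-CONSTRUCTED2",
        },
        "node_modules/unpinned": {   # range instead of an exact version, and no integrity hash
            "version": "^1.0.0",
            "resolved": "https://registry.npmjs.org/unpinned/-/unpinned-1.0.0.tgz",
        },
    }
}

NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for reproducibility
PUBLISH_TIMES = {                                        # constructed `npm view <pkg> time` data
    "lodash@4.17.21": NOW - timedelta(days=400),
    "fresh-util@0.0.2": NOW - timedelta(hours=1),
    "internal-helper@2.1.0": NOW - timedelta(days=30),
}


def package_name(path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (innermost package wins)."""
    return path.rsplit("node_modules/", 1)[-1]


def is_exact_version(version):
    """A pinned version starts with a digit; ranges (^, ~, >=, *) do not."""
    return bool(version) and version[0].isdigit()


def check_entry(name, entry, publish_times, now):
    """Return the list of policy violations for one lockfile entry (empty = allowed)."""
    problems = []
    version = entry.get("version", "")
    if not is_exact_version(version):
        problems.append(f"version '{version}' is not pinned to an exact release")
    if not entry.get("integrity"):
        problems.append("missing integrity hash")
    host = urlparse(entry.get("resolved", "")).hostname
    if host not in ALLOWED_REGISTRY_HOSTS:
        problems.append(f"resolved from non-allowlisted registry {host!r}")
    published = publish_times.get(f"{name}@{version}")
    if published is None:
        problems.append("publish time unknown; cannot apply cooldown")
    elif now - published < COOLDOWN:
        age_h = (now - published).total_seconds() / 3600
        limit_h = COOLDOWN.total_seconds() / 3600
        problems.append(f"published {age_h:.0f}h ago, inside {limit_h:.0f}h cooldown")
    if entry.get("hasInstallScript") and name not in INSTALL_SCRIPT_ALLOWLIST:
        problems.append("declares install scripts (would run arbitrary code at install time)")
    return problems


def evaluate_lockfile(lockfile, publish_times, now):
    """Map package name -> violations; clean packages are omitted from the report."""
    report = {}
    for path, entry in lockfile["packages"].items():
        if not path:  # "" is the root project entry in lockfileVersion 2/3
            continue
        name = package_name(path)
        problems = check_entry(name, entry, publish_times, now)
        if problems:
            report[name] = problems
    return report


def install_command(report):
    """Command the sandbox may run once the gate passes: reproducible install from the
    lockfile with lifecycle scripts disabled, independent of what the gate checked."""
    if report:
        return None
    return ["npm", "ci", "--ignore-scripts"]


if __name__ == "__main__":
    findings = evaluate_lockfile(LOCKFILE, PUBLISH_TIMES, NOW)
    for pkg, problems in findings.items():
        for problem in problems:
            print(f"BLOCK {pkg}: {problem}")
    print("install:", " ".join(install_command(findings) or ["refused"]))
```

Run directly, the gate blocks `fresh-util` (cooldown and install script), `internal-helper` (registry) and `unpinned` (range, no integrity, no publish time) and refuses to install. A real deployment would fetch publish times through the same allowlisted registry and fail the agent's task rather than print. `--ignore-scripts` is still passed even though the gate already rejects packages with install scripts, so the install phase does not rely on the gate having run.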