AI coding assistants and autonomous agents are dramatically accelerating development velocity, but this creates new software supply chain risks: LLMs suggest outdated or hallucinated dependencies, transitive dependency trees spiral out of control, and traditional manual security reviews can't scale to match AI output volume. The proposed solution is autonomous security to match autonomous development — shifting governance to the prompt and IDE level, adopting policy-based dependency selection, formalizing threat modeling using frameworks like OpenSSF's Gemara, and treating SBOMs and AIBOMs as operational infrastructure rather than compliance artifacts.
Table of contents
The Pain Points: Dangerous AutonomyA New Attack SurfaceThe Review BottleneckThe Solution: Autonomous Security for Autonomous DevelopmentShift Controls to the “Prompt” LevelThreat Modeling as EngineeringSBOMs and AIBOMs as InfrastructureAI at Scale Demands Security at ScaleSort: