Introduction to AI Coding Agents Security
Developers are increasingly using AI coding agents to speed up code development, but this trend also introduces a new security risk: code drift. Code drift occurs when an AI coding agent diverges from its initial intent and starts doing something different, often without being detected.
This divergence can happen for various reasons, including organic changes within the agent or force-feeding of attacker-poisoned assets. The latter creates a more dangerous and immediate divergence, which can lead to the exfiltration of sensitive information such as tokens, SSH keys, CI secrets, source code, or developer wallet material.
Edamame's Solution
France-based Edamame has developed a runtime security system to counter the effect of code drift. The system consists of six major modules or layers that operate together to implement runtime verification and attack-pattern detection for coding agents.
- Edamame Security: A workstation trust anchor for developers and local devices that monitors posture drift, divergence, and attack findings during local agent workloads.
- Edamame Posture: A CLI and host control surface for runners, servers, and agent hosts that hardens self-hosted environments before agents operate and watches runtime evidence.
- Agent integrations: Support for runtime surfaces such as Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw, providing agent-native signals that complement host telemetry.
- Divergence engine: Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.
- Attack-pattern detection engine: Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.
- Edamame Hub: Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.
Benefits of Edamame's System
Edamame's system is not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work. This approach allows for immediate detection of code drift and attack patterns, enabling rapid remediation.
The system also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents. While it may not prevent the installation of malicious packages, it would detect suspicious activity immediately after delivery, giving the victim the ability to respond quickly.
Expert Insights
Serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies, explains that coding agents are becoming the execution layer for software delivery, changing the security question from 'is this developer trusted?' to 'did the agent stay inside the operator's intent, on this host, under this posture?'
Kave Salamatian, professor of computer science at the University of Savoie, adds that verifying the behavior of autonomous software agents has been a recurring theme in the research community for a decade. Edamame's system is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.
Conclusion
Edamame's new platform offers a comprehensive solution to detect and prevent code drift and attack patterns in AI coding agents. By providing runtime verification and attack detection, Edamame's system enables developers to trust their coding agents and ensures the security of their software development workflow.
Source: SecurityWeek