Now in early access, book a 30-minute demo →
Top riskmedium

AI-Generated Vulnerabilities

AI agents generate code faster than human review was ever sized for. The result is not malware but quiet exposure growth: insecure patterns replicated at scale, hallucinated dependencies attackers can register, and secrets committed into generated config.

AI agentgenerates code + deps Endpoint Sensorattributes agent output Repositorymerged code + manifests CI / productionbuilds and deploys Package registrypublic index Attackerregisters pkg / exploits commits code builds installs dep registers name exploits flaw inventory + audit
Agent-authored code and dependencies flow into the repo and CI, where a hallucinated package name or an unreviewed flaw becomes the attacker's entry point.

Most risks in this model involve an attacker steering an agent. This one is quieter and needs no attacker at the keyboard: the agent, working as intended, produces code faster than anyone can review it, and a fraction of it is insecure. At fleet scale, a small defect rate becomes a large and growing pool of exposure - steady erosion, not a dramatic breach.

What separates this from ordinary developer mistakes is volume and provenance. A team now merges hundreds of agent-authored changes while review capacity is unchanged, and because the code was generated, no human holds a mental model of it - so when it turns out to be vulnerable, there is often no record of which agent wrote it.

How the risk arises

Models learn to write code by imitating public code, which is full of insecure idioms: string-concatenated SQL, disabled TLS verification, hardcoded fallback credentials. An agent reproduces these fluently, often with comments that make them look deliberate. The output compiles, passes the happy-path tests the agent also wrote, and reads as competent - so the signals a reviewer uses to slow down are absent.

The second driver is a review-capacity mismatch. When an agent generates a 900-line change in a minute, the rational move is to skim it, and skimming turns review into a rubber stamp - the workflow problem covered in the Copilot code-review guide.

Attack scenarios

Mitigations

  1. Know where agents are writing code. Attribution is the foundation: which agents are in use, on which repositories, and how much of what merges is agent-authored. You cannot right-size review for a volume you have not measured. Begin with an agent inventory.
  2. Keep review meaningful, not ceremonial. Cap diff size, require human sign-off on security-relevant paths, and treat agent-authored changes as untrusted by default - the workflow in the practical agent-security guide.
  3. Scan code and dependencies in CI, and gate merges on it. SAST, secret scanning, and lockfile checks that reject packages which did not exist last week are the automated backstop when review is too fast for humans - see the enterprise AI security guide.
  4. Preserve provenance. Record which agent produced which change so a flaw traces back to its source, configuration, and sibling changes.

How Anomity helps

Anomity does not review or scan code - that is the job of your SAST, secret-scanning, and dependency tooling. It provides the layer beneath them: visibility into which AI agents run where and at what version, so agent output is a measured quantity. The lightweight, unprivileged Endpoint Sensor discovers agents, their skills, and the MCP servers feeding them, records source, owner, version, and reach, and surfaces config and update drift as change events - the context needed to attribute a vulnerable pattern to the agent that produced it. Findings route to SIEM, Slack, email, and Jira and land in a queryable 90-day audit trail, so "the agent wrote it" is a traceable fact, not a dead end.

See this surface in your own fleet

Anomity's Endpoint Sensor discovers every AI agent, MCP server, skill, and rules file on every endpoint, and governs each tool call at the hook. Book a 30-minute demo.

Ask AI about Anomity
ChatGPT Claude Perplexity Google AI Grok