AI coding agents now operate across development environments, code repositories and CI/CD pipelines, writing code, resolving dependencies and pushing changes with minimal human oversight, so every stage of that workflow has to be secured. The post highlights a three-stage attack surface: Stage 1 on developer machines or ephemeral dev environments, Stage 2 in code repositories, and Stage 3 in CI/CD pipelines, where agents have access to credentials and production secrets.
It cites real-world incidents such as the Shai-Hulud campaign, which compromised npm packages and stole credentials; the NX Build System compromise via a VSCode extension; and the Trust Wallet incident, where stolen developer credentials enabled publication of a malicious Chrome extension. StepSecurity claims to provide end-to-end defence across all three stages, noting it was among the first to detect the tj-actions supply chain attack and other 2025 incidents, giving early warning before public advisories existed.
The article also describes Stage 1 features such as AI Agent Discovery and Local npm Package Monitoring, Stage 2 capabilities such as cooldown policies and org-wide package search, and Stage 3 protections including runtime visibility and egress policy enforcement to prevent exfiltration. It concludes that unified visibility across the SDLC is needed because modern supply chain attacks are multi-stage and cross the boundaries between developer machines, registries and pipelines.