The Top 5 Questions Security Leaders Are Asking About Coding Agents

Portrait of Cinthia Portugal
Cinthia Portugal
Cover Image

The discussion during our recent webinar made one thing clear. Security teams aren't asking whether coding agents will become part of the enterprise. They're asking how to adopt them safely.

The audience questions focused on practical concerns that many organizations are facing today, from autonomous execution to supply chain risk and governance.

Here are the five questions that generated the most discussion.

1. Is YOLO Mode ever safe?

This question sparked one of the longest conversations of the webinar.

The short answer was yes, but only with the right controls.

Keren and Tamir agreed that telling developers not to use autonomous modes is unrealistic. Developers are under pressure to move quickly, and after enough approval prompts, most users begin approving actions without carefully reviewing each request.

Instead of trying to eliminate autonomous execution, organizations should focus on governing it.

That starts with understanding what coding agents are doing, monitoring their behavior in real time, and preventing destructive actions before they happen.

As Keren explained during the session, productivity and security don’t have to compete. The challenge is building guardrails that protect the organization without slowing developers down.

2. Are MCP servers and skills becoming the next software supply chain problem?

The answer from both researchers was an immediate yes.

Every Model Context Protocol (MCP) server, plugin, skill, package, and repository expands the attack surface. More importantly, many of these components change over time.

Tamir described examples where a skill appears completely legitimate during installation but retrieves additional instructions only when it executes. Static analysis alone would never identify that behavior.

That is why both researchers emphasized continuous monitoring instead of treating supply chain reviews as a one-time event.

3. Aren't existing security tools already protecting us?

This question surfaced several times throughout the discussion.

The researchers explained that traditional security products were designed to detect malware, suspicious binaries, or known exploits. Coding agents introduce entirely new behaviors.

Prompt injection hidden inside repositories, context corruption, malicious MCP servers, and autonomous decision-making are not behaviors most existing security tools were designed to understand.

That is why organizations need visibility into how coding agents reason, what they access, and which actions they ultimately execute.

4. What should organizations monitor first?

Tamir's recommendation was refreshingly practical.

Before building sophisticated AI security programs, start by answering four basic questions.

• Which coding agents are developers using?• Which MCP servers and skills have they installed?• What permissions do those agents have?• Are they running with elevated autonomy?

If the answer to any of those questions is no, that is where your security program should begin.

Visibility is the foundation. From there, organizations need policies that prevent destructive actions before they occur.

5. What should AI guardrails actually protect against?

One of the webinar's biggest takeaways was that security teams often focus on the wrong problem.

Rather than trying to stop every possible prompt injection technique, organizations should focus on the outcome.

What actions should an autonomous agent never be allowed to perform?

  • Delete production data.
  • Harvest sensitive information.
  • Bypass security controls.
  • Execute destructive commands.

Tamir argued that security teams should think about impact first. If organizations understand the actions that must never happen, they are in a much stronger position to build meaningful guardrails around autonomous systems.

One Theme Connected Every Answer

Whether the discussion focused on YOLO Mode, MCP servers, supply chain security, or governance, the conclusion was remarkably consistent.

Coding agents are different because they do more than generate answers. They pursue goals.

Sometimes those goals align with security. Sometimes they don't.

As the live demonstration showed, an autonomous agent may even treat a security control as another obstacle standing between it and the task it is trying to complete.

That shift requires organizations to rethink how they secure AI.

The full webinar explores each of these questions in much greater depth, including the live attack demonstration and the complete audience discussion. If your organization is evaluating coding agents today, the recording provides valuable context that is difficult to capture in a single article.

Watch the webinar on-demand: Coding Assistants: Minimizing Risk Where Agents Take Action.

All Articles

Secure Your Agents

We’d love to chat with you about how your team can secure and govern AI Agents everywhere.

Get a Demo