AI coding tools are a security risk: how to protect your code and privacy
AI coding assistants such as Cursor, Claude Code, and GitHub Copilot have become indispensable for many developers. They autocomplete snippets, generate boilerplate, and even refactor entire functions. The productivity gains are real—but so are the security risks. Recent incidents show that these tools can introduce new attack surfaces that traditional security controls don’t fully cover.
The question isn’t whether you should use AI coding tools. It’s how to use them without opening your project to malicious code, data leaks, or compromised dependencies.
What happened
Several high-profile cases have made the risks concrete. In July 2026, researchers demonstrated that Cursor IDE could auto-execute malicious code from a poisoned repository (Dark Reading). The tool’s “agent mode” fetched and ran code without user confirmation. Similarly, the “TrustFall” convention in May 2026 exposed a code execution risk in Claude Code (Dark Reading). Attackers could craft prompts that tricked the assistant into running shell commands.
There’s also the “Cordyceps” campaign, which began in June 2026. Attackers flooded popular open-source repositories with malicious pull requests (Dark Reading). AI coding tools that automatically fetch and apply pull requests could unwittingly integrate these changes.
These aren’t theoretical exploits. They are documented vulnerabilities that have already been used in the wild.
Why it matters
AI coding assistants operate with elevated trust. They modify your codebase, install packages, and execute commands. If an attacker poisons a repository or manipulates the assistant’s suggestions, the damage can spread fast: supply chain compromise, credential theft, or data exfiltration.
The risk is heightened because many developers treat AI output as authoritative. A 2023 study found that developers accept AI suggestions about 30% of the time, and rarely audit them thoroughly. When the tool itself becomes the vector, that blind acceptance is dangerous.
The issue is not new—traditional IDEs have had security problems for years. But AI tools add a layer of opacity. You can’t always see why the assistant recommended a particular snippet or package. That lack of transparency is exactly what attackers exploit.
What readers can do
Here are practical steps to lower the risk without abandoning the productivity gains.
1. Disable automatic execution.
Turn off features like “agent mode” or “auto-run commands” unless absolutely necessary. Cursor and Claude Code both allow you to require manual approval before executing code or installing packages. Use that setting.
2. Sandbox the development environment.
Run AI coding tools inside a container or a virtual machine with limited network access. If the tool does something malicious, the damage stays contained. Tools like Docker or Firejail work well.
3. Review every suggestion—especially from unknown sources.
Always read the code an AI assistant generates before committing it. Pay attention to imports, API calls, and command-line instructions. If you don’t understand a block, treat it as suspicious.
4. Vetting before adoption.
Before integrating a new AI coding tool into your team’s workflow, run a security evaluation. Test it on a sandboxed project. Check if it has known vulnerabilities (CVEs) and whether the vendor has a responsible disclosure policy.
5. Update dependencies regularly.
AI tools often pull in libraries and packages. Keep them updated to patch known vulnerabilities. Use a dependency scanner like Dependabot or Snyk to automate that.
6. Treat pull requests with suspicion.
Even if they come from a trusted contributor, verify the contents—especially after the Cordyceps campaign. If your AI tool automatically fetches and applies PRs, disable that feature and review manually.
Sources
- Dark Reading. “Cursor IDE Auto-Executes Malicious Code in Poisoned Repos.” July 14, 2026.
- Dark Reading. “‘TrustFall’ Convention Exposes Claude Code Execution Risk.” May 7, 2026.
- Dark Reading. “‘Cordyceps’: Mushrooming Malicious Pull Requests Threaten Developer Workflows.” June 23, 2026.
- Dark Reading. “AI Coding: Do Security Risks Outweigh Productivity Gains?” July 10, 2026.