“There Is No Accountability”: AI Coding Agents Are Installing Packages No One Owns

The New Stack, May 27, 2026

Why It Matters

Without defined policies, autonomous AI installs expose organizations to supply‑chain malware, jeopardizing code integrity and compliance. Solutions that enforce real‑time guardrails are essential for safe AI‑enabled development at scale.

Key Takeaways

  • AI agents autonomously install packages, creating undefined security ownership.
  • Aikido Endpoint blocks unknown packages for 48 hours, reducing supply‑chain attacks.
  • Continuous AI penetration testing via Aikido Infinite validates code throughout SDLC.
  • Competitors like Socket and Endor Labs monitor malicious dependencies in real time.
  • Industry audit shows over one‑third of AI skill plugins contain security flaws.

Pulse Analysis

The rapid adoption of AI‑driven coding assistants such as GitHub Copilot, Claude Code and Cursor has introduced a hidden supply‑chain risk: autonomous package installations that bypass traditional human review. As developers across product, marketing and sales increasingly rely on these agents, enterprises face an accountability vacuum—no team owns the policy governing what an AI can pull into a system. This gap enables malicious code, from ransomware‑laden npm modules to self‑replicating worms, to infiltrate environments before security teams even detect a breach, amplifying the attack surface across the software lifecycle.

Aikido Security aims to close that gap with two flagship offerings. Aikido Endpoint monitors every installation request—whether triggered by a human or an AI—and enforces a configurable block window, typically 48 hours, while allowing whitelists and rapid approval workflows to keep developer friction low. The platform also inspects IDE extensions, browser plugins and AI model downloads, providing real‑time policy enforcement and detailed telemetry for security operations. Complementing Endpoint, Aikido Infinite delivers continuous AI‑powered penetration testing, automatically probing newly added dependencies for vulnerabilities and ensuring that code remains self‑securing throughout the CI/CD pipeline.

The market is already responding: Socket raised a $60 million Series C at a $1 billion valuation to block malicious open‑source packages, while Endor Labs, Chainguard, Snyk and Arcjet each focus on different layers of the AI‑enabled supply chain. Recent Snyk research found that more than a third of AI skill plugins contain at least one flaw, underscoring the urgency for comprehensive protection. For enterprises, adopting tools that combine real‑time detection, policy‑driven guardrails and continuous testing is becoming a prerequisite for safely leveraging AI coding agents at scale.
