Concerned about recent npm, Shai-Hulud and TeamPCP?
Learn More
State of Runtime Security

The signal was always there.

An analysis of 2,846 runtime-confirmed vulnerabilities across enterprise environments — what the data reveals about real risk, scoring gaps, ecosystem shifts, and the acceleration of ingress-exposed threats in early 2026.

Read the full report
Read the full report

Top 10 findings

1.

AI code editors have become a new attack surface

AI assistants blur the boundary between code, tooling and system execution, expanding developer risk beyond traditional AppSec models.

2.

Prompt injection is now an execution vulnerability

In agentic editors, hidden instructions in code or documentation can directly trigger command execution and data exfiltration.

3.

Agent autonomy dramatically increases blast radius

Tools that can read files, run commands, access the network or persist memory turn LLMs into high-privilege actors if compromised.

4.

Insecure defaults directly enable real-world exploits

Auto-run behavior, disabled workspace trust and default network access have already led to silent RCE incidents.

5.

Supply-chain attacks target AI tooling directly

Malicious IDE extensions and poisoned repositories have resulted in full developer compromise and significant financial loss.

6.

Permission models fail under adversarial input

Allowlists, denylists and approval prompts are bypassed through command chaining, obfuscation and user-fatigue patterns.

7.

Data leakage often occurs across AI contexts

Chat history, local files, credentials and memory stores can bleed into unintended outputs or external requests.

8.

Traditional AppSec tools do not observe agent behavior

SAST, DAST and SCA don’t observe AI decision-making, tool invocation or runtime misuse inside IDEs.

9.

Detection requires treating AI agents as non-human identities

Effective monitoring depends on logging AI actions, correlating tool usage and applying endpoint-level behavioral analysis.

10.

The industry lacks standards for securing AI development tools

There is no common benchmark, policy framework or certification for AI code editor security, yet attackers are already exploiting the gap.

What you'll learn in this report

1.

Why AI code editors create an entirely new attack surface, with real-world exploits emerging within days, sometimes in as little as 48 hours.

2.

How prompt injection turns becomes direct code execution in agentic IDEs, enabling RCE and sandbox escapes without relying on zero-day vulnerabilities.

3.

Which agent capabilities produce the largest blast radius when compromised, including file access, shell execution, network access and persistent memory.

4

How insecure defaults power every documented AI IDE attacks to date, not sophisticated exploit chains.

5.

Why traditional AppSec tools fails to observe these attacks, and what effective detection must look like for AI agents.

State of AI Code Editor Security 2026

Read the full report
Read the full report