New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
France-based startup Edamame says its runtime verification platform uses host telemetry and AI analysis to detect coding-agent “intent drift,” secret theft and supply-chain attacks in real time. The post New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails appeared first on SecurityWeek.
The North Atlantic Drift, an extension of the Gulf Stream, brings warm waters to the west coast of France. The AI Coding Drift is something altogether more chilling and global. France-based Edamame has a new solution for the latter.
Developers are using AI coding agents en masse to increase the speed of code development. This is a good intention – but one that may hide a bad outcome. Coding agents tend to diverge from the developer’s initial declared intent into doing something different but often undetectable.
This divergence is generally known as code drift. It can occur with any agent but can be worsened by self-improving agents. A major cause can be organic within the agent or force-feeding by attacker-poisoned assets. The latter creates the more dangerous and immediate divergence, and can lead to the exfiltration of tokens, SSH keys, CI secrets, source code, or developer wallet material as part of a valid local process.
Related breach coverage
- ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems2026-05-27
Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets, compromising CI pipelines, and deploying malicious code. The post ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems appeared first on SecurityWeek.
- Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility2026-05-21
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility appeared first on SecurityWeek.
- Ocean Emerges From Stealth With $28M for Agentic Email Security Platform2026-05-21
The company has developed a platform that uses specialized AI agents to inspect every incoming message. The post Ocean Emerges From Stealth With $28M for Agentic Email Security Platform appeared first on SecurityWeek.
- 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials2026-05-20
1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code repositories, and model context. The post 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials appeared first on SecurityWeek.