AI Code Assistant Risks

The AI pair-programmer reads your code, suggests new code, and increasingly edits files and runs commands — and each is a security surface. It suggests vulnerable patterns you accept on autopilot, ships your code and secrets to a third party, can be prompt-injected through a poisoned rules file, invents package names attackers pre-register with malware, and runs as an agent in your dev environment.