AI Agents Are Writing 10x More Vulnerabilities—And No One Is Reviewing the Code + Video

Listen to this Post

🐢▶️ Listen🚀

Introduction

The software development landscape has undergone a seismic shift. Two years ago, every line of code deployed to production was written and reviewed by a human engineer. Today, AI coding agents—from Cursor and Claude Code to Windsurf and Amazon Kiro—are generating unprecedented volumes of code, often with little to no human oversight. This productivity boom comes with a dark side: AppSec teams are now confronting 10 times the vulnerabilities they faced just two years ago, while traditional security gates like pull request reviews and CI/CD scans are breaking down under the pressure. Semgrep Guardian emerges as the first purpose-built solution to this crisis—a real-time security layer that scans and fixes AI-generated code the moment it is written, directly inside the coding agent loop. As an official partner of Cursor and Claude Code, Semgrep Guardian represents a fundamental rethinking of how we secure the software supply chain in the age of agentic development.

Learning Objectives

• Understand the security risks introduced by AI coding agents and why traditional review processes are insufficient
• Learn how Semgrep Guardian integrates with agentic coding tools via MCP servers, hooks, and skills to provide real-time vulnerability detection and remediation
• Gain practical knowledge of configuring and deploying Semgrep Guardian across enterprise development environments
• Master the technical implementation of automated secret detection, dependency vulnerability scanning, and OWASP Top 10 enforcement
• Develop strategies for measuring security ROI and tracking agent-introduced vulnerabilities across engineering organizations

You Should Know

1. The Agentic Security Crisis: Why Traditional Gates Are Failing

The fundamental problem is not that AI agents write bad code—it is that they write vast quantities of code that never receives meaningful human review. Citizen developers, many of whom have never written code before, are now pushing production software connected to customer data every single day. Simultaneously, frontier AI models are accelerating both the discovery and exploitation of software vulnerabilities, compressing the window between disclosure and attack to dangerous levels.

Traditional security tooling runs in CI/CD pipelines, after code has already been written and committed. This paradigm is fundamentally broken for AI-generated code because:

• Latency kills security: By the time a CI/CD scan completes, vulnerable code may have already been merged and deployed
• Review capacity is finite: Human code reviewers cannot keep pace with the volume of AI-generated code
• Self-checking is insufficient: Using models to review their own output is too slow, too expensive, and prone to the same blind spots

Semgrep Guardian addresses these challenges by moving security left of the commit—scanning every file the moment an agent touches it, with 95% of scans completing in under five seconds.

Step‑by‑step guide: Understanding the Guardian architecture

Semgrep Guardian bundles three core components that work in concert:

1. MCP Server (Model Context Protocol) : Exposes Semgrep’s scanning capabilities as a service that AI agents can call directly. The MCP server provides tools for SAST (static application security testing), supply chain vulnerability detection, and secrets scanning.

2. Hooks: Leverages agent-specific extension points—such as Cursor’s `afterFileEdit` and `stop` hooks—to trigger scans automatically whenever code is written or modified.

3. Skills: Predefined capabilities that agents can invoke to resolve findings automatically, from fixing vulnerable dependencies to rotating exposed secrets.

When an agent writes code, the hook system detects the file change and invokes the MCP server, which runs Semgrep’s multimodal analysis engine across Code, Supply Chain, and Secrets rules. Findings are then either automatically fixed (via Skills) or reported back to the agent for remediation—all before the code ever reaches version control.

1. Installing and Configuring Semgrep Guardian in Your Environment

Deploying Semgrep Guardian is designed to be completed in an afternoon, with no software installation required on developers’ machines. Enterprise rollouts leverage existing MDM solutions or the agent’s built-in controls.

Step‑by‑step guide: Deploying Semgrep Guardian

Step 1: Enable your AI coding agent for Guardian integration

For Cursor:

 Cursor supports Guardian via MCP configuration
 Add to your Cursor settings.json:
{
"mcpServers": {
"semgrep": {
"command": "npx",
"args": ["-y", "@semgrep/mcp-server"],
"env": {
"SEMGREP_APP_TOKEN": "your-api-token"
}
}
}
}

For Claude Code:

 Claude Code uses the same MCP server
 Install the Guardian plugin via the Claude Code CLI:
claude plugins install semgrep-guardian

For VS Code with GitHub Copilot:

 Install the Semgrep VS Code extension
code --install-extension semgrep.semgrep
 Configure to enable Guardian mode

Step 2: Configure your organization’s security policies

Semgrep Guardian brings your org’s existing rules, policies, and context directly into the agent’s workflow:

 .semgrep.yml - Organization-wide policy
rules:
- id: no-hardcoded-secrets
pattern: |
(AWS_SECRET_KEY|GITHUB_TOKEN|API_KEY) = "..."
message: Hardcoded secrets detected
severity: ERROR
fix: |
 Use environment variable instead
$SECRET = os.environ.get("$SECRET_NAME")

<ul>
<li>id: owasp-top10-sql-injection
pattern-either:</li>
<li>pattern: |
$QUERY = "SELECT  FROM $TABLE WHERE $COL = '" + $INPUT + "'"
message: Potential SQL injection vulnerability
severity: ERROR
metadata:
owasp: "A03:2021 - Injection"

Step 3: Enable Supply Chain scanning

Guardian scans for vulnerable dependencies in real-time:

 Generate a dependency manifest for scanning
 For npm projects:
npm list --json > package-lock.json

For Python:
pip freeze > requirements.txt

Guardian automatically detects and blocks malicious packages
 with 122 Pro rules for malicious patterns in agent skill definitions

Step 4: Validate deployment

 Test that Guardian is active
semgrep guardian status

Run a manual scan to verify configuration
semgrep guardian scan --path ./src --output json

3. Real-Time Secret Detection and Remediation

Hardcoded secrets remain one of the most common and dangerous vulnerabilities introduced by AI agents. Semgrep Guardian’s Secrets module detects and resolves secrets as they are written, before they can be committed to version control.

Step‑by‑step guide: Implementing secrets detection

Guardian runs three Semgrep products by default: Code (SAST), Supply Chain, and Secrets. For secrets detection specifically:

Detection patterns (automatically enforced):

• AWS access keys (AKIA[0-9A-Z]{16})
• GitHub tokens (ghp_[0-9a-zA-Z]{36})
• API keys for major providers (Stripe, Twilio, Google, etc.)
• Generic high-entropy strings that resemble credentials

Remediation workflow:

When Guardian detects a hardcoded secret, it can automatically:

1. Flag the issue with a clear error message and remediation guidance
2. Suggest a fix by replacing the literal with an environment variable reference
3. Block the commit if configured with severity `ERROR`

   BEFORE (vulnerable - Guardian will flag this)
   AWS_SECRET_KEY = "AKIAIOSFODNN7EXAMPLE"
   
   AFTER (Guardian's suggested fix)
   import os
   AWS_SECRET_KEY = os.environ.get("AWS_SECRET_KEY")
   if not AWS_SECRET_KEY:
   raise ValueError("AWS_SECRET_KEY environment variable not set")
   

Verification commands:

 Linux/macOS: Check for exposed secrets in your codebase
grep -r "AKIA[0-9A-Z]" . --include=".py" --include=".js" --include=".java"

Windows PowerShell: Similar check
Get-ChildItem -Recurse -Include .py,.js,.java | Select-String "AKIA[0-9A-Z]"

Use detect-secrets for comprehensive scanning (alternative)
detect-secrets scan --all-files

4. Automated Vulnerability Fixes for OWASP Top 10

Guardian doesn’t just detect vulnerabilities—it actively fixes them. With one B2B SaaS company preventing over 180 critical issues every week since deployment, the impact is measurable and immediate.

Step‑by‑step guide: Automated remediation workflow

SQL Injection (A03:2021) :

// BEFORE (vulnerable)
const query = <code>SELECT  FROM users WHERE id = '${userId}'</code>;

// Guardian's automated fix
const query = 'SELECT  FROM users WHERE id = ?';
const result = await db.query(query, [bash]);

Cross-Site Scripting (A03:2021) :

 BEFORE (vulnerable)
return f"

<div>{user_input}</div>

"

Guardian's automated fix
from markupsafe import escape
return f"

<div>{escape(user_input)}</div>

"

Command Injection (A03:2021) :

 BEFORE (vulnerable - shell injection)
os.system(f"ping {user_host}")

Guardian's automated fix
import subprocess
subprocess.run(["ping", user_host], shell=False)

How Guardian fixes vulnerabilities inline:

1. Agent writes code containing a vulnerability

1. Guardian hook triggers a scan (completed in <5 seconds)
2. Semgrep’s analysis engine identifies the vulnerability and generates a fix
3. The fix is applied automatically via the agent’s Skills capability
4. The developer is notified of the fix but rarely needs to intervene

 CLI command to apply Guardian fixes manually
semgrep guardian fix --path ./src --rule-id owasp-sql-injection

Generate a report of all automatically fixed issues
semgrep guardian report --format json --output guardian-fixes.json

5. Supply Chain Security: Blocking Malicious Packages

AI agents frequently suggest and install third-party packages, often without sufficient scrutiny. Guardian’s Supply Chain module detects and blocks malicious open-source packages before they can be installed.

Step‑by‑step guide: Securing the dependency chain

Automatic detection of malicious packages:

Guardian maintains 186 Pro rules for detecting malicious patterns in agent skill definitions and package recommendations. When an agent suggests installing a package, Guardian:

1. Checks the package against known vulnerability databases

1. Analyzes the package’s behavior patterns for suspicious activity
2. Blocks installation if the package is deemed malicious or vulnerable

4. Suggests safe alternatives

Verification commands:

 npm - Check for known vulnerabilities
npm audit

Python - Check for vulnerable dependencies
pip-audit

Java/Maven - Check for CVEs
mvn dependency-check:check

Semgrep Supply Chain scan
semgrep supply-chain scan --path ./

Enterprise deployment:

Guardian can be rolled out to hundreds of developers without any software installed on their machines, using MDM or the agent’s built-in enterprise controls:

 Example MDM configuration for Guardian
 Deploy via Intune or Jamf
{
"configuration": {
"semgrep": {
"guardian": {
"enabled": true,
"scanMode": "inline",
"blockMaliciousPackages": true,
"autoFix": true,
"reportingEndpoint": "https://security.internal/guardian/reports"
}
}
}
}

6. Measuring ROI and Tracking Agent-Introduced Vulnerabilities

One of Guardian’s most powerful features is complete visibility into what agents are doing across your engineering organization. Security teams can track:

• How many vulnerabilities agents introduce
• How many are caught and fixed automatically
• Which IDEs and agents developers are using
• Overall ROI of the security program

Step‑by‑step guide: Implementing Guardian analytics

Enable reporting:

 Configure Guardian to send metrics to your SIEM
semgrep guardian configure --reporting-endpoint https://your-siem:8080

Enable detailed telemetry
semgrep guardian configure --telemetry detailed

Key metrics to track:

| Metric | Description | Target |

|–|-|–|

| Scan coverage | % of agent-written files scanned | >99% |
| Fix rate | % of detected issues automatically fixed | >80% |
| False positive rate | % of alerts that are false positives | <5% |
| Mean time to remediate | Time from detection to fix | <1 minute | | Issues prevented per week | Number of critical issues blocked | >100 |

Dashboard query examples:

-- PostgreSQL: Track Guardian effectiveness
SELECT 
DATE(scan_timestamp) as scan_date,
COUNT() as total_scans,
SUM(CASE WHEN finding_severity = 'CRITICAL' THEN 1 ELSE 0 END) as critical_findings,
SUM(CASE WHEN auto_fixed = true THEN 1 ELSE 0 END) as auto_fixed_count
FROM guardian_scans
WHERE scan_timestamp >= NOW() - INTERVAL '30 days'
GROUP BY scan_date
ORDER BY scan_date DESC;

-- Elasticsearch/Kibana: Agent usage analytics
GET /guardian-telemetry/_search
{
"aggs": {
"by_agent": {
"terms": { "field": "agent_type.keyword" },
"aggs": {
"avg_issues": { "avg": { "field": "issues_detected" } }
}
}
}
}

What Undercode Say

• Security must shift left of the commit: Traditional CI/CD scanning is no longer sufficient when AI agents generate code at machine speed. Real-time inline scanning is the only viable defense against the 10x increase in vulnerabilities.

• Automated remediation is non-1egotiable: With 3 million scans running weekly and 95% completing in under 5 seconds, Guardian demonstrates that automated fixing at scale is not just possible—it’s essential. Security teams cannot afford to manually triage every AI-generated finding.

The industry is witnessing a fundamental shift in how software is built and secured. Two years ago, every line of code was human-written and human-reviewed. Today, AI agents are the primary authors of new code, and human review is becoming a bottleneck that security teams can no longer rely on. Semgrep Guardian’s approach—embedding security directly into the agentic workflow via MCP servers, hooks, and skills—represents the first scalable solution to this emerging crisis.

The economic argument is compelling: the cheapest vulnerability is the one the agent never ships. By catching and fixing issues at the moment of creation, Guardian eliminates the exponential cost of finding vulnerabilities downstream—in CI/CD, in production, or after a breach. The 180+ critical issues prevented weekly at one B2B SaaS company translate to millions of dollars in avoided remediation costs, incident response, and reputational damage.

However, Guardian’s success depends on organizations embracing a new security paradigm. Security teams must move from gatekeepers to enablers, embedding guardrails that developers rarely think about. The tool’s invisibility to developers is its greatest strength—security becomes frictionless, automatic, and continuous. For enterprises adopting AI-assisted development at scale, Guardian is not just a nice-to-have; it is an operational necessity.

Prediction

• +1 The adoption of AI-1ative security tools like Semgrep Guardian will become a competitive differentiator for enterprises. Organizations that deploy real-time inline security will ship faster, with fewer vulnerabilities, and at lower cost than those relying on legacy CI/CD scanning. The 10x vulnerability gap will widen between early adopters and laggards.

• +1 The MCP (Model Context Protocol) will emerge as the de facto standard for AI agent security integrations, creating a thriving ecosystem of security plugins that work across all major coding assistants. Semgrep’s early mover advantage as an official Cursor and Claude Code partner positions it to define this emerging category.

• -1 The rise of AI-generated code will lead to a new class of supply chain attacks targeting agent skill definitions and MCP servers. Malicious actors will attempt to poison the very tools designed to secure AI code, requiring continuous evolution of detection rules and proactive threat hunting.

• +1 Security teams will pivot from manual code review to managing security policies and measuring automated remediation effectiveness. The role of the AppSec engineer will shift from finding vulnerabilities to configuring and tuning AI-1ative security controls, creating new career opportunities in the emerging field of “agentic security operations.”

• -1 Organizations that fail to adopt inline security for AI-generated code will experience a significant increase in security incidents over the next 12-24 months. The combination of increased code volume, reduced human review, and accelerated vulnerability exploitation timelines creates a perfect storm that legacy security tools cannot address.

▶️ Related Video (82% Match):

https://www.youtube.com/watch?v=1NJ3qfpQuAc

🎯Let’s Practice For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

IT/Security Reporter URL:

Reported By: Isaacevans What – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky