
“When tools like Cursor are installing dependencies and running actions on a developer’s behalf, they can unintentionally pull in malicious or unvetted packages,” says Randall Degges, vice president of AI engineering and developer relations at Snyk. “That’s why techniques like intercepting tool calls, validating inputs and outputs, enforcing least-privilege access, and isolating credentials are becoming foundational to how AI-driven development systems operate. Without security embedded directly into the agent loop, teams risk shipping faster into more exposure, not less.”
According to Qodo’s report on The AI Coding Paradox, 89% of enterprise engineering teams have experienced an AI-generated code incident and have had a production outage caused by AI-generated code. Development teams building a large portfolio of AI agents or heavily relying on AI code-generation capabilities may want to look at AI code-review tools that provide more contextual analysis than basic static code review tools.
“Current AI coding assistants suffer from a severe amnesia problem, and each session starts without memory of an organization’s unique context, subjective standards, and business logic,” says Itamar Friedman, CEO and cofounder at Qodo. “To safely scale AI, it requires integrating stateful systems equipped with persistent organizational memory that continuously learn from past pull requests and automatically enforce enterprise-specific governance. Ultimately, developers need tools that ensure code is guided by continuously learning organizational experience rather than just raw machine-generated code.”

