Sonatype
AI Coding Agents Exploited in Rising Supply Chain Attacks
In 2026, AI coding agents have become a new entry point for attackers, bypassing traditional security measures. The first half of 2026 saw a 2.6 times increase in supply chain attack campaigns compared to all of 2025. The PromptMink campaign, attributed to a North Korean group, exploited package dependencies, using techniques that mislead AI agents into accepting malicious packages. The Mastra AI framework was also compromised, leading to the addition of a malicious package that executed during installation. These incidents highlight the inadequacy of current vulnerability prioritization methods: teams need to prevent unsafe components from entering builds. The growing volume of malicious activity across ecosystems like npm and PyPI emphasizes the urgent need for improved security controls. Organizations must adapt to an evolving threat landscape in which AI tools are both targets and vectors for attacks.
Key Points:
• AI coding agents are bypassing traditional security checks, increasing vulnerability.
• 2026 has seen a 2.6 times rise in supply chain attack campaigns compared to 2025.
• The PromptMink campaign exploited AI dependency resolution, targeting popular libraries.
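
One way to keep install-time code out of a build, relevant to the package described above as executing during installation: the check below is an added example, not code from the article or from Sonatype. It reads the `hasInstallScript` flag that npm records in lockfile versions 2 and 3 and reports every dependency that declares install scripts without being on a reviewed `name@version` allowlist. The lockfile contents, package names and allowlist are constructed for illustration.

```javascript
// Constructed sample lockfile (v3 layout); all package names are hypothetical.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/native-addon-example": { version: "2.1.0", hasInstallScript: true },
    "node_modules/left-helper-example": { version: "0.3.2" },
    "node_modules/@scope-example/agent-tools": { version: "0.0.7", hasInstallScript: true },
    "node_modules/a/node_modules/nested-example": { version: "1.0.1", hasInstallScript: true, dev: true },
  },
};

// Derive the package name from a lockfile path key, handling nested
// node_modules directories and scoped names.
function packageName(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Return every locked package that declares preinstall/install/postinstall
// scripts and is not allowlisted. Entries are pinned as name@version, so a new
// release of an already reviewed package is flagged again.
function findUnreviewedInstallScripts(lock, allowlist) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("lockfile has no 'packages' map (lockfileVersion 2 or 3 required)");
  }
  const allowed = new Set(allowlist);
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages)) {
    if (key === "" || !meta.hasInstallScript) continue; // skip root and script-free packages
    const id = `${packageName(key)}@${meta.version}`;
    if (!allowed.has(id)) findings.push({ id, path: key, dev: Boolean(meta.dev) });
  }
  return findings.sort((a, b) => (a.id < b.id ? -1 : a.id > b.id ? 1 : 0));
}

// Hypothetical allowlist: one native addon that has been reviewed at this version.
const findings = findUnreviewedInstallScripts(SAMPLE_LOCK, ["native-addon-example@2.1.0"]);
for (const f of findings) {
  console.log(`BLOCK ${f.id} (${f.path}) declares install scripts${f.dev ? " [dev]" : ""}`);
}
```

In CI this would run against the real package-lock.json before dependencies are installed, with the install step itself run with scripts disabled (`npm ci --ignore-scripts`) until the findings are reviewed.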