Enterprises and public-sector organizations are accelerating adoption of AI agents and generative AI to automate knowledge work and software delivery, with guidance increasingly framed as a management and governance problem rather than a purely technical one. Commentary on agentic AI in software development describes agents as autonomous decision loops operating within guardrails (goal decomposition, tool selection, execution, observation, and iteration), enabled by mature CI/CD automation and API-driven infrastructure. Separate reporting highlights empirical findings that AI-generated code has grown to nearly 30% of code by late 2024 and is associated with an estimated ~4% productivity lift, with gains concentrated among more experienced developers despite higher usage among less-experienced staff.
Security and procurement implications are emerging alongside this adoption. Research on agentic tool chain attacks warns that AI agents’ “reasoning layer” and natural-language tool metadata become an attack surface, enabling techniques such as tool poisoning, tool shadowing, and “rugpull” behavior that can lead to covert data leakage or unauthorized actions; the risk is amplified when tools are centralized via architectures like the Model Context Protocol (MCP), where compromise of a shared tool server can propagate malicious behavior across many agents. In the US federal context, agencies are signaling demand for AI tools that deliver operational value while meeting requirements for security, transparency, and responsible use, and the General Services Administration is also tightening contractor cybersecurity expectations for work involving CUI by requiring alignment with NIST SP 800-171 (and select 800-172 controls), including MFA, encryption, vulnerability remediation, and removal of end-of-life components, with independent assessments as part of authorization and ongoing monitoring.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
SecuritySenses described growing real-world use of agentic AI across software development and advised organizations to keep humans in the loop, apply strict guardrails and logging, and start with low-risk use cases before expanding autonomy.
ZDNET reported guidance from Ethan Mollick that organizations should decide whether to delegate tasks to AI agents using three measures: human baseline time, probability of success, and total AI process time including review.
ZDNET summarized the Complexity Science Hub findings that less-experienced developers use generative AI more often, but measurable productivity and exploration gains accrue mainly to senior developers who are better able to evaluate AI output.
CrowdStrike published research defining 'agentic tool chain attacks' as threats targeting the reasoning layer of AI agents through tool descriptions, metadata, and parameter construction rather than traditional code boundaries. The report detailed tool poisoning, tool shadowing, and rugpull attacks, especially in Model Context Protocol environments.
The Complexity Science Hub study reported that AI-generated code rose sharply to nearly 30% by the end of 2024, alongside an estimated productivity increase of close to 4% for programmers overall.
A Complexity Science Hub study found AI-generated code accounted for about 5% of code in 2022, establishing an early baseline for generative AI use in software development.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
securitysenses.com
Open sourcezdnet.com
Open sourcezdnet.com
Open sourcecrowdstrike.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.