AI coding agents are running on your machines — Do you know what they're doing?
ID: 98cfa9a6-7b89-5798-b654-b656db1d77ed
STIX ID: report--98cfa9a6-7b89-5798-b654-b656db1d77ed
Feed Name: Sysdig Blog
A Sysdig Threat Research Team report analysing security risks posed by AI coding agents (Claude, Gemini, Codex) — highlighting structural prompt-injection vulnerabilities, predictable credential storage, and sandbox trust-boundary failures — and proposing syscall/eBPF-based Falco detection rules for installation, unauthorized config access, sensitive file reads, and safety-control bypass; mappings to MITRE ATLAS, OWASP LLM Top 10, and Google SAIF are provided and real incidents (SesameOp, Cursor, Slack AI) are cited to demonstrate active risks.
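As an added illustration, not a rule taken from the Sysdig report (whose rule text is not reproduced on this page), the following Falco rule shows what the "sensitive file reads" detection described above can look like when expressed over syscall events. The agent binary names (`claude`, `gemini`, `codex`) and the credential paths are assumptions to be tuned per environment; the `glob` operator requires a Falco release that supports it.

```yaml
# Illustrative Falco rule for detecting an AI coding agent reading
# credential material. This is an added example, not Sysdig's published
# ruleset. Process names and file paths below are assumptions.

- list: ai_coding_agent_binaries
  # Assumed executable names of the agent CLIs; adjust to what runs locally.
  items: [claude, gemini, codex]

- list: credential_files
  # Assumed fixed-path secrets worth alerting on.
  items: [/etc/shadow, /root/.aws/credentials, /root/.ssh/id_rsa, /root/.kube/config]

- macro: agent_open_read
  # Any open-for-read of a regular file (mirrors the intent of the
  # stock open_read macro, defined here so the file loads stand-alone).
  condition: >
    evt.type in (open, openat, openat2)
    and evt.is_open_read=true
    and fd.typechar='f'

- macro: is_ai_coding_agent
  # Match the agent itself or a direct child it spawned (e.g. a shell
  # it launched to run a tool call).
  condition: >
    proc.name in (ai_coding_agent_binaries)
    or proc.pname in (ai_coding_agent_binaries)

- macro: reads_credential_material
  # Fixed paths plus per-user home-directory secrets.
  condition: >
    fd.name in (credential_files)
    or fd.name glob '/home/*/.aws/credentials'
    or fd.name glob '/home/*/.ssh/id_*'
    or fd.name glob '/home/*/.kube/config'
    or fd.name glob '/home/*/.npmrc'
    or fd.name glob '*/.env'

- rule: AI Coding Agent Reads Credential File
  desc: >
    An AI coding agent process, or a child it spawned, opened a file that
    typically holds secrets. Expected during legitimate deploy tasks, so
    tune the lists before promoting above WARNING.
  condition: agent_open_read and is_ai_coding_agent and reads_credential_material
  output: >
    AI coding agent read credential file
    (user=%user.name proc=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline file=%fd.name container=%container.id)
  priority: WARNING
  tags: [ai_agent, credential_access]
```

Load it with `falco -r <file>.yaml` alongside the default rules; because the macro and list names here do not collide with the stock ones, no `override` is needed. Exceptions for known-good tooling (a package manager reading `.npmrc`, for instance) are best added as `proc.name` exclusions on the rule rather than by widening the agent list.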
