
AI coding agents are running on your machines — Do you know what they're doing?

ID: f0ade4e9-d4f1-56a2-97cb-68083375adba

STIX ID: report--f0ade4e9-d4f1-56a2-97cb-68083375adba

Feed Name: Sysdig Blog

Threat Score
70/100

Date Published: 2026-03-23

Date Updated: 2026-05-01

...
...

This report analyzes the security risks posed by AI coding agents. It describes structural vulnerabilities (prompt injection, excessive agent privileges, sandbox limitations), documented exploitation cases (credential exfiltration and the use of LLM APIs as covert C2 channels), and relevant CVEs in the MCP ecosystem. It then presents a set of syscall-level detection rules and operational guidance (per-agent identification, config-access monitoring, safety-flag detection) for mitigating these threats.
