
The New Security Risks of the Agentic Development Lifecycle

Written by

Daniel Berman

June 3, 2026


Key takeaways

  • The agentic development lifecycle is the process by which AI agents plan, build, modify, test, and ship software by interacting with tools, codebases, and environments

  • Risk now enters before code reaches the repository, shifting the core security question from "Is this code secure?" to "Can we trust the system that created it?"

  • Agents introduce risk in three places: what they use, what they do, and what they generate

  • Traditional AppSec secures the artifact; agentic development requires securing the process that creates it.

  • Continuous controls inside agent workflows give developers and agents trusted boundaries to move quickly.

For years, application security ran on a simple assumption: software moves through a lifecycle, and security inspects the artifacts as they travel from development to production. Developers plan, write code, commit it, test it, scan it, and ship it. Every control built on that model, including pull request reviews, CI/CD gates, and post-commit scanning, assumed a human sat between each step, making decisions a tool could later check.

AI agents are breaking that assumption. Software is no longer just written by humans and checked later; it is increasingly assembled, modified, and executed by autonomous systems that can act before any traditional control sees the result. The "developer" is no longer always a person. Sometimes the system itself is doing the building.

That shift has a name worth understanding: the agentic development lifecycle. And it changes where risk enters your software, thereby changing what you have to secure.

What is the agentic development lifecycle?

The agentic development lifecycle is the process by which AI agents plan, build, modify, test, and ship software by interacting with tools, codebases, data sources, and development environments.

The traditional SDLC is human-led, artifact-based, and checkpoint-driven, with work moving forward in steps, and security inspecting what comes out of each one. The agentic development lifecycle is different: it's agent-driven, dynamic, continuous, and action-oriented. An agent can interpret a goal, select a tool, modify files, run a script, call an API, add a dependency, and generate production-ready code, often in a single uninterrupted sequence.

This doesn't replace the SDLC; rather, it overlays and accelerates it. Agents still produce code, dependencies, configs, APIs, and infrastructure changes. They just do it through workflows that are far harder to see and govern than a developer typing in an IDE.

Why agentic development changes the risk model

Traditional AppSec assumes risk lives in artifacts, including source code, open source dependencies, containers, infrastructure as code, and APIs. That's still true, but agentic development expands the attack surface to include the system producing those artifacts. The security question changes from "Is this code secure?" to "Can we trust the system that created it?" That's a different question, and most security programs aren't set up to answer it yet.

The three control points of the agentic development lifecycle

A useful way to understand this new lifecycle is to look at the three places agents introduce risk. If risk enters continuously, you need to consider it at each of them: what agents use, what they do, and what they generate.

1. What agents use

Agents don't build from a blank slate; they pull in MCP servers, skills, APIs, external tools, data sources, and development integrations to get work done. These inputs can become part of your software supply chain even though they were never declared as traditional dependencies. Additionally, they're often selected and invoked at runtime, with no review.

The risks include unapproved MCP servers, vulnerable or malicious skills, external tools with unclear provenance, and AI tooling no one is tracking. This isn't hypothetical: Snyk's research found 76 confirmed malicious skills out of 3,984 analyzed, and roughly a third of public MCP servers carry exploitable flaws.

If you don't know what agents are using, you can't know what risk is entering the development workflow.
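The first control the section above calls for is an inventory: knowing which MCP servers an agent host will actually spawn or connect to, and whether each one is sanctioned. The script below is an added example for this article, not Snyk tooling. It assumes the `mcpServers` JSON layout used by several MCP clients (an entry with `command`/`args`/`env` is a local server the client launches; an entry with `url` is a remote one). The approved-inventory format, the rule set, and the sample config are constructed for illustration.

```python
"""Inventory the MCP servers an agent host is configured to use and flag the
ones that aren't trusted. Added example for this article, not Snyk tooling.

Assumes the `mcpServers` JSON layout used by several MCP clients: an entry
with "command"/"args"/"env" is a local server the client spawns; an entry
with "url" is a remote server. The approved inventory, its field names and
the sample config are all constructed for illustration.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed approved inventory: what each sanctioned server should look like.
APPROVED = {
    "github": {"kind": "stdio", "package": "@modelcontextprotocol/server-github"},
    "internal-docs": {"kind": "http", "url": "https://mcp.docs.internal.example/sse"},
}

# Constructed client config, as an agent host would read it at startup.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github@2025.4.8"],
      "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_exampleexampleexample"}
    },
    "internal-docs": {"url": "https://mcp.docs.internal.example/sse"},
    "pdf-helper": {"command": "npx", "args": ["-y", "mcp-pdf-helper"]},
    "db": {"command": "uvx", "args": ["some-mcp-db-server"],
           "env": {"DATABASE_URL": "${DATABASE_URL}"}},
    "legacy": {"url": "http://mcp.vendor.example/mcp"}
  }
}
"""

# Launchers that download and run a package on first use.
PACKAGE_RUNNERS = {"npx", "uvx", "pipx"}


@dataclass
class Server:
    name: str
    kind: str                          # "stdio" (spawned) or "http" (remote)
    command: Optional[str] = None
    args: list = field(default_factory=list)
    url: Optional[str] = None
    env: dict = field(default_factory=dict)


def parse_mcp_config(text: str) -> list:
    """Turn the mcpServers block into Server records, preserving config order."""
    servers = []
    for name, spec in json.loads(text).get("mcpServers", {}).items():
        if "command" in spec:
            servers.append(Server(name, "stdio", command=spec["command"],
                                  args=list(spec.get("args", [])),
                                  env=dict(spec.get("env", {}))))
        else:
            servers.append(Server(name, "http", url=spec.get("url"),
                                  env=dict(spec.get("env", {}))))
    return servers


def package_ref(server: Server):
    """For npx/uvx-style launches return (package name, is_pinned).
    The first non-flag argument is taken as the package spec."""
    if server.command not in PACKAGE_RUNNERS:
        return None, True
    for arg in server.args:
        if arg.startswith("-"):
            continue                       # skip flags such as -y
        scoped = arg.startswith("@")       # npm scope: @scope/name@version
        body = arg[1:] if scoped else arg
        name = re.split(r"[@=]", body, maxsplit=1)[0]
        return ("@" + name if scoped else name), ("@" in body or "==" in body)
    return None, False


def evaluate(servers, approved) -> list:
    """Return (server name, finding) pairs; an empty list means every server
    is approved, pinned, and configured the way the inventory says."""
    findings = []
    for s in servers:
        pkg, pinned = package_ref(s)
        exp = approved.get(s.name)
        if exp is None:
            findings.append((s.name, "not in approved inventory"))
        elif exp["kind"] != s.kind:
            findings.append((s.name, f"expected {exp['kind']} server, found {s.kind}"))
        elif s.kind == "stdio" and pkg != exp.get("package"):
            findings.append((s.name, f"package {pkg!r} is not the approved {exp.get('package')!r}"))
        elif s.kind == "http" and s.url != exp.get("url"):
            findings.append((s.name, f"url {s.url!r} is not the approved {exp.get('url')!r}"))
        if s.command in PACKAGE_RUNNERS and not pinned:
            findings.append((s.name, "package fetched at launch without a pinned version"))
        if s.url and not s.url.startswith("https://"):
            findings.append((s.name, "remote server reached over plaintext http"))
        for key, val in s.env.items():
            if "${" not in val and re.search(r"token|secret|password|key", key, re.I):
                findings.append((s.name, f"credential {key} stored literally in the config"))
    return findings


if __name__ == "__main__":
    for name, finding in evaluate(parse_mcp_config(SAMPLE_CONFIG), APPROVED):
        print(f"{name}: {finding}")
```

Run against the sample, the check reports seven findings across four servers: two servers not in the inventory at all, two packages that `npx`/`uvx` would fetch unpinned at launch (so the code that runs tomorrow need not be the code that ran today), a remote server reached over plaintext HTTP, and a personal access token written literally into the config file. Pointing the same check at every developer workstation and CI runner is the cheapest way to learn what your agents are actually using.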

2. What agents do

Agents don't just suggest a change and wait; they run scripts, query internal systems, modify files, and call APIs at machine speed.

That introduces risk through unsafe command execution, unauthorized access to systems or data, data exposure through tool calls, prompt injection inside development workflows, and unpredictable chains of action. A real-world example is the coding agent that ignored repeated "freeze" instructions, deleted a production database, and then fabricated records to cover the error. No attacker was needed: the agent reasoned forward from a small obstacle with the permissions it happened to have.

Agent behavior has to be governed in real time, because actions can happen faster than human review can intervene.
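Governing actions in real time means the check sits between the agent's decision and its execution, not in the prompt. The hook below is an added example for this article, not a feature of any product. It assumes the agent harness hands every proposed action to a function as a small dict (`{"tool": "shell", "command": ...}`, `{"tool": "write_file", "path": ...}`, `{"tool": "http", "url": ...}`) before running it; that call shape, the tool names and the deny patterns are constructed for illustration. The `frozen` flag shows the difference between a "freeze" the agent is asked to honour and one the harness enforces: with the flag set, every state-changing action is refused no matter what the agent has reasoned its way to.

```python
"""Pre-execution policy for agent tool calls. Added example for this article,
not a feature of any product. Assumes the agent harness passes each proposed
action to check_tool_call() as a dict such as {"tool": "shell", "command": ...},
{"tool": "write_file", "path": ...} or {"tool": "http", "url": ...} before
running it; that call shape, the tool names and the rules below are all
constructed for illustration.
"""
import re
import shlex
from dataclasses import dataclass
from pathlib import PurePosixPath
from urllib.parse import urlparse


@dataclass(frozen=True)
class Policy:
    workspace: str            # the only tree the agent may read or write
    allowed_hosts: frozenset  # outbound hosts the agent may call
    frozen: bool = False      # operator freeze: no state-changing action at all


# Constructed patterns for commands that must never run unattended. They are
# deliberately narrow; "rm -r -f" would slip past the first one, so treat this
# list as a backstop behind the allow/approve flow, not as the control.
DENY_COMMANDS = [
    (r"\brm\s+-[a-z]*(rf|fr)\b", "recursive force delete"),
    (r"\bgit\s+push\b.*\s(--force|-f)\b", "force push"),
    (r"\b(drop|truncate)\s+(table|database|schema)\b", "destructive SQL"),
    (r"\bdelete\s+from\b(?!.*\bwhere\b)", "unbounded SQL delete"),
    (r"\b(curl|wget)\b.*\|\s*(ba)?sh\b", "download piped into a shell"),
]

# Read-only shell commands that may run even during a freeze.
READ_ONLY = {"ls", "cat", "head", "tail", "grep", "rg", "pwd",
             "git status", "git diff", "git log"}


def is_read_only_shell(command: str) -> bool:
    """True only for one simple READ_ONLY command with no redirection, pipe
    or substitution that could turn a read into a write."""
    if any(ch in command for ch in "|;&><`$"):
        return False
    try:
        argv = shlex.split(command)
    except ValueError:
        return False
    if not argv:
        return False
    head = " ".join(argv[:2]) if argv[0] == "git" else argv[0]
    return head in READ_ONLY


def normalize(path: str, workspace: str) -> str:
    """Resolve a path lexically against the workspace, collapsing '.' and '..'.
    A real hook would also resolve symlinks against the live filesystem."""
    p = PurePosixPath(path)
    if not p.is_absolute():
        p = PurePosixPath(workspace) / p
    parts = []
    for part in p.parts:
        if part == "..":
            if len(parts) > 1:            # never pop the root itself
                parts.pop()
        elif part not in (".", ""):
            parts.append(part)
    return str(PurePosixPath(*parts))


def inside_workspace(path: str, workspace: str) -> bool:
    target = normalize(path, workspace)
    root = normalize(workspace, workspace)
    return target == root or target.startswith(root.rstrip("/") + "/")


def check_tool_call(call: dict, policy: Policy):
    """Return (decision, reason); decision is "allow", "deny", or "approve"
    (hold the action for a human)."""
    tool = call.get("tool")
    if tool == "shell":
        cmd = call.get("command", "")
        for pattern, label in DENY_COMMANDS:
            if re.search(pattern, cmd, re.IGNORECASE):
                return "deny", f"blocked command: {label}"
        if is_read_only_shell(cmd):
            return "allow", "read-only command"
        if policy.frozen:
            return "deny", "freeze in effect: no state-changing commands"
        return "approve", "state-changing command needs human confirmation"
    if tool in ("read_file", "write_file", "delete_file"):
        path = call.get("path", "")
        if not path or not inside_workspace(path, policy.workspace):
            return "deny", "path missing or outside workspace"
        if tool == "read_file":
            return "allow", "read inside workspace"
        if policy.frozen:
            return "deny", "freeze in effect: no file changes"
        if tool == "delete_file":
            return "approve", "deletion needs human confirmation"
        return "allow", "write inside workspace"
    if tool == "http":
        host = urlparse(call.get("url", "")).hostname or ""
        if host not in policy.allowed_hosts:
            return "deny", f"host {host!r} not in allowlist"
        method = call.get("method", "GET").upper()
        if method != "GET" and policy.frozen:
            return "deny", "freeze in effect: no mutating requests"
        return "allow", f"{method} to allowed host"
    return "deny", f"unknown tool {tool!r}"
```

Three properties matter here. Decisions are made from the action the agent is about to take, not from what it said it would do. Reads of files outside the workspace are refused, which closes the data-exposure path (an agent reading `~/.ssh` or a cloud credentials file to "fix" a tool error). And the freeze is a property of the policy object the harness holds, so no amount of forward reasoning by the agent can talk its way past it.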

3. What agents generate

Agents generate the code and dependencies that become part of your software. Even when that output looks functional, AI-generated code can include vulnerabilities, insecure patterns, or misconfigurations by default.

Traditional AppSec assumes code can be reviewed after it is written. But in agentic development, output is created at machine speed and may move from suggestion to commit before security has visibility into what changed or why. The risk is not just that AI-generated code may be insecure. It’s that insecure output can be introduced earlier, replicated faster, and shipped before traditional checkpoints catch up.

Scanning after commit is no longer enough; security has to validate what agents generate at creation.
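Validating output at creation means looking at the change the agent produced before it becomes a commit, not at the repository afterwards. The gate below is an added example for this article, not part of any product or of the article's own material. It parses a unified diff as `git diff --cached` emits it, considers only the lines the change adds, and reports a handful of high-signal problems with the exact new-file line numbers a developer (or the agent) needs to fix them. The rule set and the sample diff are constructed for illustration; a real gate would chain into SAST and SCA rather than stop at regular expressions.

```python
"""Gate agent-generated changes before they become a commit. Added example
for this article, not part of any product. Parses a unified diff, looks only
at added lines, and reports a few high-signal problems. The rules and the
sample diff are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int         # line number in the new version of the file
    rule: str
    text: str


# Constructed rules: (path suffix the rule applies to, or None for any file;
# compiled pattern; rule name).
RULES = [
    (None, re.compile(r"AKIA[0-9A-Z]{16}"), "aws-access-key-id"),
    (None, re.compile(r"(?i)(password|secret|api[_-]?key)\s*[:=]\s*['\"][^'\"]{6,}['\"]"),
     "hardcoded-secret"),
    (".py", re.compile(r"subprocess\.\w+\(.*shell\s*=\s*True"), "shell-true"),
    (".py", re.compile(r"\b(eval|exec)\s*\("), "dynamic-eval"),
    (".py", re.compile(r"\bpickle\.loads?\("), "pickle-load"),
    (".py", re.compile(r"verify\s*=\s*False"), "tls-verify-disabled"),
    ("requirements.txt", re.compile(r"^[A-Za-z0-9_.\-]+\s*$"), "unpinned-dependency"),
]

# Constructed diff, the kind an agent would stage after "fixing" a proxy error.
SAMPLE_DIFF = """\
diff --git a/app/fetch.py b/app/fetch.py
index 3f2a1c0..9b8d7e6 100644
--- a/app/fetch.py
+++ b/app/fetch.py
@@ -1,3 +1,8 @@
 import requests
+import subprocess
 def fetch(url):
-    return requests.get(url, timeout=5)
+    # agent disabled verification to get past a corporate proxy error
+    return requests.get(url, timeout=5, verify=False)
+
+def convert(path):
+    return subprocess.run("pandoc " + path, shell=True)
diff --git a/requirements.txt b/requirements.txt
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,4 @@
 requests==2.31.0
 pyyaml==6.0.1
+pandoc-wrapper
+boto3==1.34.0
diff --git a/app/settings.py b/app/settings.py
new file mode 100644
--- /dev/null
+++ b/app/settings.py
@@ -0,0 +1,2 @@
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "hunter2hunter2"
"""


def added_lines(diff: str):
    """Yield (path, new_line_number, text) for every added line in a unified diff."""
    path, new_no = None, 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            name = raw[4:].strip()
            path = name[2:] if name.startswith("b/") else name
        elif raw.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
            if m:
                new_no = int(m.group(1))        # first new-file line of the hunk
        elif raw.startswith("+"):
            yield path, new_no, raw[1:]
            new_no += 1
        elif raw.startswith("-"):
            pass                                # removed lines don't advance new numbering
        elif raw.startswith(" ") or raw == "":
            new_no += 1                         # unchanged context line
        # "diff --git", "index", "new file mode" carry no line position


def scan_diff(diff: str) -> list:
    """Return findings for the added lines of a diff, in file/line order."""
    findings = []
    for path, line_no, text in added_lines(diff):
        stripped = text.strip()
        if not stripped or stripped.startswith("#"):
            continue                            # blank or comment-only line
        for suffix, pattern, rule in RULES:
            if suffix and not (path or "").endswith(suffix):
                continue
            if pattern.search(text):
                findings.append(Finding(path, line_no, rule, stripped))
    return findings


if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}: {f.rule}: {f.text}")
```

On the sample the gate reports five findings: TLS verification switched off and a shell-interpolated `subprocess.run` in `app/fetch.py`, an unpinned dependency the agent added to `requirements.txt`, and a literal access key and password in a brand-new `app/settings.py`. Each of those is the kind of change that "looks functional", passes the agent's own tests, and would only be caught post-commit by a traditional pipeline; here it fails before the commit exists, and the finding can be fed straight back to the agent as the next instruction.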

Why traditional AppSec checkpoints aren't enough

None of this means traditional AppSec stops mattering. You still need to scan code, dependencies, containers, and infrastructure. That foundation is more important than ever because AI doesn't replace your software supply chain; it accelerates it.

But traditional checkpoints were designed for a world where humans made most development decisions, code was the primary artifact to inspect, and risk could often be caught at commit, build, or deployment. Security can no longer rely only on downstream inspection, and it has to move into the agentic workflow itself. Traditional AppSec secures the artifact. Agentic Development Security secures the process that creates it.

What securing the agentic development lifecycle requires

Securing this lifecycle does not mean slowing developers down with another review cycle or banning AI tools. It means giving agents trusted boundaries so teams can adopt them safely. Practically, that requires controls that operate inside the workflows where agents act.

Security teams need to:

  • discover which agents, tools, skills, and MCP servers are in use;

  • evaluate whether those inputs are trusted;

  • govern what agents are allowed to access and execute;

  • enforce policy during agent workflows;

  • validate generated code and dependencies in real time; and

  • maintain an audit trail across agent-driven development activity.

The common thread is continuous supervision, with security operating close enough to the agent to evaluate risk before it becomes a committed artifact, an executed action, or a deployed vulnerability.

The lifecycle changed. Security has to change with it.

The agentic development lifecycle is not just a faster SDLC. It is a different way of creating software, where autonomous systems can pull in tools, take actions, and generate output continuously. That shift introduces security questions that checkpoint-based controls were never designed to answer on their own.

To scale AI-driven development safely, teams need visibility and control across the full lifecycle: what agents use, what they do, and what they generate. The goal is not to slow AI adoption down. It is to give developers and agents trusted boundaries so they can move quickly while security operates continuously in the background.

Want to dive deeper into how AI agents act beyond traditional controls? Download the cheatsheet today.

CHEAT SHEET

6 Ways AI Agents Act Beyond Traditional Controls

AI agents don't follow the same rules as traditional software. Get a breakdown of six specific ways agents operate beyond traditional security controls across the ADLC.