A comprehensive landscape assessment of AI coding agent governance. 85% of
developers use AI coding tools. 41% of all code is AI-generated. Only 6% of
organizations have an advanced AI security strategy.
This episode maps the full attack surface: AI coding agents (GitHub Copilot,
Claude Code, Cursor at $9B valuation), MCP protocol security (30 CVEs in 60
days, 38% of servers lack authentication, 43% vulnerable to command execution),
model provenance gaps (multi-model routing, Chinese-origin data residency risks),
and real-world exploitation incidents — CVE-2025-6514 MCP supply chain RCE,
Supabase/Cursor breach, IDEsaster (24 CVEs across all major coding tools),
RoguePilot repository takeover, EchoLeak zero-click M365 Copilot exfiltration,
UNC6395/Drift 700-customer compromise, plus this week's disclosures including
MS-Agent CVE-2026-2256, PleaseFix, OpenClaw, and Rules File Backdoor.
Plus: FOMO-driven adoption analysis (stock price pressure, funding optics),
IBM shadow AI data (20% of all breaches, $4.63M average), EU AI Act August
2026 enforcement, and a four-item practitioner playbook.