Beyond source code: The files AI coding agents trust — and attackers exploit

As AI coding agents become deeply embedded in developer workflows, defenders must evolve their definition of malicious files and rethink how to protect against them. 

Autonomous AI agents operate across integrated development environments (IDEs), editors, terminals, and extension runtimes, and they often have access to local files, command execution, and external services. As a result, the attack surface of the modern developer environments now extends well beyond source code. Repository files, agent instructions, runtime settings, and extension packages can all influence what the agent trusts, what it executes, and what it can reach.

Defending this new attack surface requires moving towards semantic analysis to understand the actual instructions, logic, and context being fed to the AI. Powered by VirusTotal Code Insight, our agentic threat intelligence capability in Google Threat Intelligence extracts the true operational intent behind agent-facing files at scale, allowing security teams to expose configurations that override guardrails and ...