AI Security | May 28, 2026

New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails

Edamame launches runtime verification platform to detect AI coding agent intent drift and supply-chain attacks.

Summary

France-based Edamame has announced a runtime verification platform designed to detect when AI coding agents diverge from developer intent, potentially stealing secrets or executing supply-chain attacks. The system uses host telemetry and AI analysis across six integrated modules to monitor coding agents like Cursor, Claude Desktop, and others for credential harvesting, token exfiltration, and malicious behavior in real time. The platform shifts security focus from trusting developers to verifying that agents stay within their intended scope on each host.

Full text

The North Atlantic Drift, an extension of the Gulf Stream, brings warm waters to the west coast of France. The AI Coding Drift is something altogether more chilling and global. France-based Edamame has a new solution for the latter.

Developers are using AI coding agents en masse to increase the speed of code development. This is a good intention – but one that may hide a bad outcome. Coding agents tend to diverge from the developer’s initial declared intent into doing something different but often undetectable. This divergence is generally known as code drift. It can occur with any agent but can be worsened by self-improving agents.

A major cause can be organic within the agent or force-feeding by attacker-poisoned assets. The latter creates the more dangerous and immediate divergence, and can lead to the exfiltration of tokens, SSH keys, CI secrets, source code, or developer wallet material as part of a valid local process.

Drift, including unassisted organic drift, occurs because the agent operates inside a rich and mutable context. The context may change and diverge from the developer’s understanding; and code drift results. The level of trust endowed to agents enables the drift to continue unnoticed and traditional security tools to trust the result.

Other causes of drift are explained in detail in France-based Edamame’s announcement of its solution to counter the effect and/or damage that may be caused.

The solution is a runtime security system described as a host-side runtime evidence layer performing runtime verification and attack-pattern detection for coding agents. It is composed of six major modules, or layers, that operate together to implement runtime verification and attack-pattern detection. The six layers are:

Edamame Security: “Workstation trust anchor for developers and local devices. Monitors posture drift, divergence, and attack findings during local agent workloads.”

Edamame Posture: “CLI and host control surface for runners, servers, and agent hosts. Hardens self-hosted environments before agents operate, then watches runtime evidence.”

Agent integrations: “Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw as named runtime surfaces. Agent-native signals complement host telemetry.”

Divergence engine: “Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.”

Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”

Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”

Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.

“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”

Kave Salamatian, professor of computer science at the University of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”

It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.

While it would not have prevented the Axios npm RAT from running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.

Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.

Written by Kevin Townsend. Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft.
For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
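
As an added illustration (not Edamame's code and not part of the original article), the sketch below shows the general idea the article describes: joining a declared agent intent with file and network telemetry, then flagging sensitive-file reads and undeclared egress. The intent schema, event tuples, paths, hosts and the 60-second correlation window are all assumptions constructed for the example.

```python
import posixpath
from fnmatch import fnmatchcase

# Declared intent for one agent session (hypothetical schema, constructed here).
INTENT = {
    "workspace": "/home/dev/project",
    "allowed_hosts": {"registry.npmjs.org", "github.com"},
}
# Credential locations; reads of these outside the workspace are findings.
SENSITIVE = ["/home/*/.ssh/*", "/home/*/.npmrc", "/home/*/.aws/credentials"]
EXFIL_WINDOW = 60  # assumed: seconds between a secret read and undeclared egress

# Constructed telemetry: (timestamp, root pid of the agent's process tree, kind, target)
EVENTS = [
    (100, 4242, "file_read", "/home/dev/project/package.json"),
    (105, 4242, "net_connect", "registry.npmjs.org"),
    (130, 4242, "file_read", "/home/dev/project/../.ssh/id_ed25519"),
    (131, 4242, "file_read", "/home/dev/.npmrc"),
    (140, 4242, "net_connect", "cdn.example.invalid"),
    (500, 4242, "net_connect", "telemetry.example.invalid"),
]

def find_divergence(intent, events):
    """Return (timestamp, finding, target) for behaviour outside the declared intent."""
    findings, secret_reads = [], {}  # secret_reads: pid -> time of last secret read
    for ts, pid, kind, target in sorted(events):
        if kind == "file_read":
            path = posixpath.normpath(target)  # collapse ../ before the scope check
            inside = path.startswith(intent["workspace"] + "/")
            if not inside and any(fnmatchcase(path, pat) for pat in SENSITIVE):
                secret_reads[pid] = ts
                findings.append((ts, "sensitive-file-access", path))
        elif kind == "net_connect" and target not in intent["allowed_hosts"]:
            last = secret_reads.get(pid)
            # Egress shortly after a secret read by the same tree is ranked higher.
            if last is not None and ts - last <= EXFIL_WINDOW:
                findings.append((ts, "possible-exfiltration", target))
            else:
                findings.append((ts, "undeclared-egress", target))
    return findings

if __name__ == "__main__":
    for finding in find_divergence(INTENT, EVENTS):
        print(finding)
```

The third sample event reaches the SSH key through a `../` path that starts inside the workspace, which is why the path is normalized before the scope check.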

Entities

Edamame Technologies (vendor)
Edamame Platform (product)
Cursor (product)
Claude Desktop (product)
Claude Code (product)
Codex (product)