Abstract

The rapid adoption of artificial intelligence (AI)-assisted software development tools has introduced a new and largely unexamined attack surface within the modern software supply chain. AI-powered coding assis tants integrated into integrated development environments (IDEs) can analyze repository context and au tonomously generate or modify source code across multiple files, thereby significantly accelerating software development productivity. However, this capability simultaneously introduces security risks that challenge traditional assumptions of trust, intent verification, and code provenance in software development workflows. In particular, AI systems may generate insecure code patterns, recommend malicious or nonexistent depend encies, or propagate vulnerabilities through contextual code generation mechanisms. This paper examines the emerging threat landscape associated with AI-driven code generation and identifies several novel attack vectors including indirect prompt manipulation, cross- file context poisoning, and automated dependency injection attacks. We propose a hybrid real-time security architecture that combines static code analysis with AI-based semantic inspection to detect malicious or anomalous code at the moment it is generated. The architecture integrates directly into developer IDE environments and continuously monitors AI-generated code suggestions, providing immediate feedback to developers and centralized alerts to security teams. The f indings demonstrate that AI-assisted development environments require a zero-trust security model in which AI- generated code is treated as untrusted until verified. Our work highlights the need for new defensive mech anisms to secure the software supply chain in the era of AI-driven software engineering.

DOI: doi.org/10.63721/26JPAIR0129

To Read or Download the Article  PDF