Abstract

The rapid adoption of artificial intelligence (AI)-assisted software development tools has introduced a new and largely unexamined attack surface within the modern software supply chain. AI-powered coding assistants integrated into integrated development environments (IDEs) can analyze repository context and autonomously generate or modify source code across multiple files, thereby significantly accelerating software development productivity. However, this capability simultaneously introduces security risks that challenge traditional assumptions of trust, intent verification, and code provenance in software development workflows. In particular, AI systems may generate insecure code patterns, recommend malicious or nonexistent dependencies, or propagate vulnerabilities through contextual code generation mechanisms. This paper examines the emerging threat landscape associated with AI-driven code generation and identifies several novel attack vectors including indirect prompt manipulation, cross- file context poisoning, and automated dependency injection attacks. We propose a hybrid real-time security architecture that combines static code analysis with AI-based semantic inspection to detect malicious or anomalous code at the moment it is generated. The architecture integrates directly into developer IDE environments and continuously monitors AI-generated code suggestions, providing immediate feedback to developers and centralized alerts to security teams. The findings demonstrate that AI-assisted development environments require a zero-trust security model in which AI- generated code is treated as untrusted until verified. Our work highlights the need for new defensive mechanisms to secure the software supply chain in the era of AI-driven software engineering.

DOI: doi.org/10.63721/26JPAIR0130

To Read or Download the Article  PDF