Claude-Code

The more capable your AI coding assistant gets, the more dangerous it becomes. I know that sounds backwards. Security tools are supposed to get safer as they mature. But with agentic coding tools, the relationship between capability and risk flips in a way that nobody prepared for. Academic research published in April 2026 tested 2,000 attack instances across nine LLMs. The result? The strongest instruction-following models — the ones enterprises actually want to deploy — were the ones most likely to hand an attacker your database credentials. ...

One tool has 50 admin-controlled security settings deployable via MDM. Two tools have literally no documented MCP governance at all. One tool can’t even let admins disable telemetry. I spent two weeks digging through every piece of public documentation across six agentic coding tools — not marketing pages, not whitepapers, but actual config files, API docs, privacy policies, and security certifications. What I found was a landscape where the distance between best-in-class and “we’ll figure it out later” is measured in light-years, not inches. ...