OWASP's agentic security report says your coding agent is the attack surface

The OWASP GenAI Security Project's 2026 State of Agentic AI Security reads nothing like last year's. The 2025 edition listed plausible threats; the 2026 one catalogues real CVEs, vendor advisories and breaches.

Coding agents are the centre of gravity. Of 53 agentic projects OWASP tracks, 28 are coding agents, and the five fastest-growing tools (Claude Code, Gemini CLI, Codex, Cline and Aider) all sit in that category. The projects carrying the most security advisories read like a tools leaderboard: workflow platform n8n (57), Claude Code (22), AutoGPT (15), Dify (13) and Roo-Code (11). Release velocity makes triage harder; seven tracked projects ship updates daily or faster, and one averaged a new release every eight hours. Prompt injection maps to six of OWASP's ten agentic risk categories, because models still read the system prompt, the user's request and retrieved web text as one undifferentiated token stream.

Standard software-composition scanners were never built for code that changes every eight hours, which is the gap the report keeps circling.