When AI Writes Your Code, the Supply Chain Security Question Gets Harder

Software supply chain security was already a mess. Then AI joined the build pipeline.

For years, the question was simple: what’s in your code? Which open-source packages, which versions, which transitive dependencies? SolarWinds, Log4Shell, XZ Utils — same lesson every time. The risk isn’t the code you write. It’s everything that produces it.

Then came Shai-Hulud, the self-propagating malicious package campaign that spread through developer toolchains this year. That taught a new lesson: knowing what’s in your code is necessary. It’s no longer sufficient.

AI tools have become load-bearing parts of the build. Code written by agents. Packages pulled in by autonomous tools that decide they’re needed. Prompts — actual text inputs — are now real inputs to the build process. Which means they’re a real way to compromise it. None of this existed in most security programs when they were designed.

It’s tempting to treat AI-generated code as just more code. Run the same scanners. Call it covered. That misses the point.

The provenance question now applies to the model, the agent, and the tooling — not just the artifact. An AI assistant suggests a dependency and a developer accepts it without the package ever crossing a human threat model. An autonomous agent reaches for a tool over MCP, and that tool reaches for another. A crafted prompt steers what gets written or pulled in.

The hard part isn’t scanning AI output. It’s governing the agents doing the writing and the tools they call. That’s where supply chain security has to go next.