Edamame Security: “Workstation trust anchor for developers and local devices. Monitors posture drift, divergence, and attack findings during local agent workloads.”Edamame Posture: “CLI and host control surface for runners, servers, and agent hosts. Hardens self-hosted environments before agents operate, then watches runtime evidence.”Agent integrations: “Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw as named runtime surfaces. Agent-native signals complement host telemetry.”Divergence engine: “Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.”Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Edamame Posture: “CLI and host control surface for runners, servers, and agent hosts. Hardens self-hosted environments before agents operate, then watches runtime evidence.”Agent integrations: “Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw as named runtime surfaces. Agent-native signals complement host telemetry.”Divergence engine: “Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.”Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Agent integrations: “Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw as named runtime surfaces. Agent-native signals complement host telemetry.”Divergence engine: “Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.”Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Divergence engine: “Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.”Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.While it would not have prevented theAxios npm RATfrom running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon BayRelated:‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsRelated:Developers Must Slay the Complexity and Security Issues of AI Coding ToolsRelated:‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor DeliveryRelated:From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Source: SecurityWeek
