I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.

This piece is about that line.

For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.

https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius

#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava