
37 Vulnerabilities Exposed Across 15 AI IDEs: The Threat Model Every Agent Builder Must Understand
If you give an LLM a shell, you are giving it the keys to the kingdom. It's that simple. We are building systems that dynamically fetch untrusted code, synthesize new logic, and immediately execute it. The moment you introduce autonomous execution to a model with agency, you move from "stochastic parrot" to "stochastic RCE." A naked shell in an agentic loop isn't a feature; it is a critical vulnerability waiting for a payload.

If you think this is theoretical paranoia, look at the data. At the [un]prompted conference (March 2026), AI red teamer Piotr Ryciak from Mindgard presented findings from auditing over 15 major AI coding tools. The list includes heavyweights like Google Gemini CLI, OpenAI Codex, Amazon Kiro, Anthropic Claude Code, and Cursor. The results? 37 security vulnerabilities, all leading to remote code execution, data exfiltration, or sandbox bypasses.

The AI coding tool ecosystem right now mirrors the early browser wars. The entire industry — ourselves included — is rac
Continue reading on Dev.to


