The North Atlantic Drift, an extension of the Gulf Stream, brings warm waters to the west coast of France. The AI Coding Drift is something altogether more chilling and global. France-based Edamame has a new solution for the latter.
Developers are using AI coding agents en masse to increase the speed of code development. This is a good intention – but one that may hide a bad outcome. Coding agents tend to diverge from the developer’s initial declared intent into doing something different but often undetectable.
This divergence is generally known as code drift. It can occur with any agent but can be worsened by self-improving agents. A major cause can be organic within the agent or force-feeding by attacker-poisoned assets. The latter creates the more dangerous and immediate divergence, and can lead to the exfiltration of tokens, SSH keys, CI secrets, source code, or developer wallet material as part of a valid local process.
Drift, including unassisted organic drift, occurs because the agent operates inside a rich and mutable context. The context may change and diverge from the developer’s understanding; and code drift results. The level of trust endowed to agents enables the drift to continue unnoticed and traditional security tools to trust the result.
Other causes of drift are explained in detail in France-based Edamame’s announcement of its solution to counter the effect and/or damage that may be caused. The solution is a runtime security system described as a host‑side runtime evidence layer performing runtime verification and attack‑pattern detection for coding agents.
It is composed of six major modules, or layers, that operate together to implement runtime verification and attack‑pattern detection. The six layers are:
Edamame Security: “Workstation trust anchor for developers and local devices. Monitors posture drift, divergence, and attack findings during local agent workloads.”
Edamame Posture: “CLI and host control surface for runners, servers, and agent hosts. Hardens self-hosted environments before agents operate, then watches runtime evidence.”
Agent integrations: “Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw as named runtime surfaces. Agent-native signals complement host telemetry.”
Divergence engine: “Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.”
Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”
Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”
Edamame describes its system as not just another interface bolted onto the SDLC, but a way to bring runtime verification and attack detection into places where developers and agents already work.
“Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies. “That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”
Kave Salamatian, professor of computer science at the university of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”
It is also worth noting a rather important side-effect of the Edamame system: the same host telemetry that feeds the runtime-verification divergence score – enriched with machine learning, anomaly detection and AI analysis – also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents.
While it would not have prevented the Axios npm RAT from running, it would have detected its presence immediately after delivery. It couldn’t block installation, but would have detected suspicious activity the moment the RAT beaconed out to its C2. It would have detected the RAT’s attempt to read tokens and SSH keys and would have seen the attempt to exfiltrate those secrets. It wouldn’t prevent the RAT’s operation, but would immediately detect its presence and give the victim the ability for rapid remediation. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.
Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.
Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon Bay
Related: ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
Related: Developers Must Slay the Complexity and Security Issues of AI Coding Tools
Related: ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
Related: From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
