More The AI Native Dev episodes
Published 17 Mar 2026
Duration: 2124
AI skills pose significant security risks, with 13.4% containing critical vulnerabilities like prompt injections and unauthorized access, driven by high privileges and obfuscated threats, requiring tools like Sneak/Snyk and complementary measures such as code reviews and supply chain monitoring.
Most developers install skills without reading what's inside them. But that's exactly what attackers are counting on. Simon Maple sits down with Brian...
The text highlights significant security risks in AI skills, with 13.4% of analyzed AI skills containing critical vulnerabilities, such as prompt injections, obfuscated malicious code, and unauthorized system access. These risks stem from AI skills often operating with high privileges (e.g., root access) and the ease of creating skills that could be weaponized to execute malicious scripts or exfiltrate data. Attackers exploit weaknesses like prompt injection (hidden instructions in non-English text or Unicode smuggling) and unverified dependencies in open-source repositories, which can chain minor flaws into major threats. The proliferation of AI-generated code exacerbates these risks, as models are not inherently trained for security, necessitating supplementary tools to detect vulnerabilities in generated code.
Multiple security tools and practices are emphasized to mitigate these risks. Platforms like Sneak and Snyk provide agent-based scans to identify vulnerabilities in AI skills and Machine-Callable Packages (MCPs), integrating security checks into development workflows. Version control and strict governance are critical to prevent unintended changes to skills or MCPs, which could introduce hidden malicious functionality. Tools like Evo monitor runtime behavior to enforce security policies, restrict unauthorized model usage, and provide visibility into AI deployment patterns. Additionally, the TESOL registry and Snyks agent scan tool offer transparency by flagging risky skills and providing detailed vulnerability scores, enabling users to make informed decisions about deployment.
The text underscores the need for proactive security measures, including regular scanning, rigorous code review, and education on secure AI practices. As agent-based systems and MCPs grow in popularity, their integration with high-privilege environments introduces new attack surfaces, requiring developers to prioritize security from the outset. Challenges include detecting vulnerabilities in natural language prompts, addressing false positives, and balancing rapid AI adoption with thorough risk assessments. The discussion also highlights the importance of community engagement through events like AI Native DevCon to share best practices and foster collaborative efforts in securing AI ecosystems.
12 May 2026 "AI Doesn't Stand for Artificial Intelligence" Venkat Subramaniam's Take Will Change How You Think About It
AI in software development requires balancing its speed and automation with human accountability for safety and ethics, emphasizing rigorous quality practices, community-driven adoption, critical thinking, and oversight to ensure AI complements rather than replaces human judgment.
5 May 2026 The Creator of Spring Thinks You Can't Code Serious Software With AI
Integrating AI into enterprises via HTTP calls and existing infrastructure requires balancing language agnosticism, deterministic frameworks like GOAT, Java/Kotlin over Python for reliability, and prioritizing explainability, human oversight, and alignment with business logic over overreliance on AI for simple tasks.
28 Apr 2026 What OpenAI, Stripe & ElevenLabs Devs Do Differently Now | AI Native Dev
The text examines challenges in integrating AI into software workflows, highlights AI-native practices like Stripe's Minions automating code tasks, emphasizes balancing human oversight with automation, and explores future trends in agent-native engineering, specialized models, open-source tools, and ethical considerations in AI-driven development.
21 Apr 2026 Logan Kilpatrick on Who Ships AGI, DeepMind and the Problem With More Software
Software developers must adapt to AI's complexity by bridging tools with real-world applications, mastering context engineering, shifting toward high-level design and system architecture, and navigating fragmented ecosystems as AGI emerges as an integrated system rather than a standalone model.
14 Apr 2026 Everything 100 Episodes Revealed About AI Native Dev
AI in software development shifts from code-centric practices to context- and specification-driven approaches, with humans prioritizing decision-making and oversight while AI handles implementation, but challenges like non-human-readable code, alignment with team practices, and contextual accuracy remain critical.