Table of Contents
Fetching ...

Understanding Security Risks of AI Agents' Dependency Updates

Tanmay Singla, Berk Çakar, Paschal C. Amusuo, James C. Davis

TL;DR

This paper investigates how AI coding agents influence software supply-chain security through dependency updates. Using a large-scale dataset (AIDev-pop) of 117,062 dependency changes across seven ecosystems, it compares agent- and human-authored PRs and labels vulnerabilities at PR time. The findings show agents more frequently select known-vulnerable versions and require more disruptive remediation, resulting in a net negative security impact compared with human edits. The work advocates PR-time vulnerability screening and registry-aware guardrails to safer agent-driven dependency maintenance in real-world software development.

Abstract

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct security risks. We study 117,062 dependency changes from agent- and human-authored pull requests across seven ecosystems. Agents select known-vulnerable versions more often than humans (2.46% vs. 1.64%), and their vulnerable selections are more disruptive to remediate, with 36.8% requiring major-version upgrades compared to 12.9% for humans, despite patched alternatives existing in most cases. At the aggregate level, agent-driven dependency work yields a net vulnerability increase of 98, whereas human-authored work yields a net reduction of 1,316. These findings motivate pull-request-time vulnerability screening and registry-aware guardrails to make agent-driven dependency updates safer.

Understanding Security Risks of AI Agents' Dependency Updates

TL;DR

This paper investigates how AI coding agents influence software supply-chain security through dependency updates. Using a large-scale dataset (AIDev-pop) of 117,062 dependency changes across seven ecosystems, it compares agent- and human-authored PRs and labels vulnerabilities at PR time. The findings show agents more frequently select known-vulnerable versions and require more disruptive remediation, resulting in a net negative security impact compared with human edits. The work advocates PR-time vulnerability screening and registry-aware guardrails to safer agent-driven dependency maintenance in real-world software development.

Abstract

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct security risks. We study 117,062 dependency changes from agent- and human-authored pull requests across seven ecosystems. Agents select known-vulnerable versions more often than humans (2.46% vs. 1.64%), and their vulnerable selections are more disruptive to remediate, with 36.8% requiring major-version upgrades compared to 12.9% for humans, despite patched alternatives existing in most cases. At the aggregate level, agent-driven dependency work yields a net vulnerability increase of 98, whereas human-authored work yields a net reduction of 1,316. These findings motivate pull-request-time vulnerability screening and registry-aware guardrails to make agent-driven dependency updates safer.
Paper Structure (19 sections, 2 figures, 6 tables)