Security News


New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails

  • What: Edamame introduces a platform to detect AI coding agent intent drift and supply-chain attacks
  • Impact: Developers using AI coding agents may face undetectable security risks

Artificial Intelligence | By Kevin Townsend | May 28, 2026 (8:00 AM ET)

France-based startup Edamame says its runtime verification platform uses host telemetry and AI analysis to detect coding-agent “intent drift,” secret theft and supply-chain attacks in real time.

The North Atlantic Drift, an extension of the Gulf Stream, brings warm waters to the west coast of France. The AI coding drift is something altogether more chilling and global. France-based Edamame has a new solution for the latter.

Developers are using AI coding agents en masse to speed up code development. The intention is good, but it can hide a bad outcome. Coding agents tend to diverge from the developer’s declared intent into doing something different, and the divergence is often hard to detect. It is generally known as code drift (Edamame calls it intent drift). It can occur with any agent, and self-improving agents make it worse.

Drift can be organic, arising inside the agent’s own reasoning, or induced, with the agent force-fed attacker-poisoned assets. The induced kind is the more dangerous and immediate: it can lead to the exfiltration of tokens, SSH keys, CI secrets, source code, or developer wallet material, all carried out by what looks like a legitimate local process.

Drift, including unassisted organic drift, occurs because the agent operates inside a rich and mutable context. When that context changes and diverges from the developer’s understanding, the agent’s actions diverge with it. The level of trust granted to agents lets the drift continue unnoticed and lets traditional security tools trust the result.

Other causes of drift are explained in detail in Edamame’s announcement of its solution to counter the effect, and the damage, of drift. The solution is a runtime security system described as a host-side runtime evidence layer that performs runtime verification and attack-pattern detection for coding agents.
It is composed of six major modules, or layers, that operate together to implement runtime verification and attack-pattern detection. The six layers are:

  • Edamame Security: “Workstation trust anchor for developers and local devices. Monitors posture drift, divergence, and attack findings during local agent workloads.”
  • Edamame Posture: “CLI and host control surface for runners, servers, and agent hosts. Hardens self-hosted environments before agents operate, then watches runtime evidence.”
  • Agent integrations: “Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw as named runtime surfaces. Agent-native signals complement host telemetry.”
  • Divergence engine: “Joins captured coding-agent intent with process, filesystem, network, tool-call, and posture telemetry on the host.”
  • Attack-pattern detection engine: “Runs CVE-aligned checks on live telemetry for credential harvest, token exfiltration, sandbox exploitation, sensitive-file access, and supply-chain behavior.”
  • Edamame Hub: “Surfaces unsecured coding-agent installs across the fleet and gives teams a single place to review divergence evidence and attack findings.”

Edamame describes its system not as another interface bolted onto the SDLC, but as a way to bring runtime verification and attack detection into the places where developers and agents already work. “Coding agents are becoming the execution layer for software delivery,” explains serial entrepreneur Frank Lyonnet, founder and CEO of Edamame Technologies.
“That changes the security question from ‘is this developer trusted?’ to ‘did the agent stay inside the operator’s intent, on this host, under this posture?’ Edamame measures that divergence from host telemetry, and alerts immediately when the evidence shows intent drift or concrete attack patterns.”

Kave Salamatian, professor of computer science at the University of Savoie in the French Alps, adds: “Verifying the behavior of autonomous software agents – comparing each action against an explicit policy, at the boundary, with evidence – has been a recurring theme in the research community for a decade. What Edamame Technologies is shipping for coding agents is the operational expression of that work, applied to a workflow that has clearly outgrown after-the-fact monitoring.”

An important side-effect of the Edamame system is also worth noting: the same host telemetry that feeds the runtime-verification divergence score, enriched with machine learning, anomaly detection and AI analysis, also detects the current wave of npm and PyPI supply-chain attacks reaching developer workstations through coding agents. It would not have prevented the Axios npm RAT from running, nor blocked its installation, but it would have detected the RAT’s presence immediately after delivery: the moment the RAT beaconed out to its C2, attempted to read tokens and SSH keys, and attempted to exfiltrate those secrets. That is detection rather than prevention, but detection that gives the victim the ability to remediate rapidly. The practical caveat is the usual one for host-based detection: the gap between beacon and exfiltration can be seconds, so the alert has to drive an automated response (credential revocation, host isolation) rather than a ticket queue. The same principle applies to PyPI and other supply-chain attacks reaching developer workstations through coding agents.

Edamame Technologies is backed by individual investors who are executives at Netskope, UiPath, and Sonar.
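The divergence engine and attack-pattern engine described above join declared intent with process, file and network telemetry and flag what falls outside it. The block below is an added illustration of that idea, written for this page; it is not Edamame’s code and says nothing about how their engines are actually implemented. The intent structure, the event schema, the sensitive-path globs and the sample session (an agent editing one file while a package postinstall script reads ~/.npmrc and an SSH key, then connects to an unapproved host) are all constructed assumptions. The check it performs is the one the Axios RAT scenario calls for: sensitive-file access plus egress to an unapproved host from the same process is escalated to a possible-exfiltration finding.

```python
"""Toy intent-vs-host-telemetry divergence check (added example, not Edamame's code)."""
from dataclasses import dataclass
import fnmatch


@dataclass
class Intent:
    """What the operator asked for: a task plus the paths and hosts it should touch (assumed shape)."""
    task: str
    allowed_paths: list   # glob patterns the agent may write under
    allowed_hosts: list   # hosts the agent may connect to


@dataclass
class Finding:
    kind: str
    pid: int
    detail: str


# Secret-bearing files a coding task has no business reading (assumed, illustrative list).
SENSITIVE_PATHS = [
    "*/.ssh/id_*", "*/.npmrc", "*/.pypirc", "*/.aws/credentials",
    "*/.git-credentials", "*/.config/gh/hosts.yml",
]

WEIGHTS = {  # contribution of each finding kind to the divergence score (assumed)
    "out_of_scope_write": 1, "unapproved_egress": 2,
    "sensitive_file_access": 3, "possible_exfiltration": 10,
}


def path_matches(path, patterns):
    return any(fnmatch.fnmatch(path, p) for p in patterns)


def analyze(intent, events):
    """Walk host events in order and compare each against the declared intent.

    Flags sensitive reads, writes outside the task's scope and egress to hosts
    the task did not declare; when one pid has both read a secret and connected
    to an unapproved host, escalates to 'possible_exfiltration'.
    """
    findings = []
    comm = {}             # pid -> process name, from proc_exec events
    secret_readers = {}   # pid -> set of secret paths it opened
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "proc_exec":
            comm[pid] = ev["comm"]
        elif ev["type"] == "file_open":
            path = ev["path"]
            if path_matches(path, SENSITIVE_PATHS):
                secret_readers.setdefault(pid, set()).add(path)
                findings.append(Finding("sensitive_file_access", pid, f"{comm.get(pid, '?')} read {path}"))
            elif "w" in ev.get("mode", "r") and not path_matches(path, intent.allowed_paths):
                findings.append(Finding("out_of_scope_write", pid, f"{comm.get(pid, '?')} wrote {path}"))
        elif ev["type"] == "net_connect":
            host = ev["host"]
            if host not in intent.allowed_hosts:
                findings.append(Finding("unapproved_egress", pid, f"{comm.get(pid, '?')} -> {host}:{ev['port']}"))
                if pid in secret_readers:
                    findings.append(Finding("possible_exfiltration", pid,
                                            f"{sorted(secret_readers[pid])} -> {host}"))
    return findings


def divergence_score(findings):
    return sum(WEIGHTS[f.kind] for f in findings)


# Constructed sample session, not real telemetry. pid 4100 is the agent doing the
# requested edit; pid 4242 is a package postinstall script behaving like a RAT.
INTENT = Intent(
    task="add input validation to src/app.js",
    allowed_paths=["/home/dev/proj/*"],
    allowed_hosts=["registry.npmjs.org", "api.github.com"],
)
SAMPLE_EVENTS = [
    {"type": "proc_exec", "pid": 4100, "comm": "node", "argv": ["node", "agent.js"]},
    {"type": "file_open", "pid": 4100, "path": "/home/dev/proj/src/app.js", "mode": "w"},
    {"type": "net_connect", "pid": 4100, "host": "registry.npmjs.org", "port": 443},
    {"type": "proc_exec", "pid": 4242, "comm": "node", "argv": ["node", "postinstall.js"]},
    {"type": "file_open", "pid": 4242, "path": "/home/dev/.npmrc", "mode": "r"},
    {"type": "file_open", "pid": 4242, "path": "/home/dev/.ssh/id_ed25519", "mode": "r"},
    {"type": "net_connect", "pid": 4242, "host": "203.0.113.7", "port": 443},
]


def demo():
    """Run the check over the constructed session and return its findings."""
    return analyze(INTENT, SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in demo():
        print(f.kind, f.pid, f.detail)
    print("divergence score:", divergence_score(demo()))
```

The agent’s own edit and registry fetch produce no findings; the postinstall script produces two sensitive-file reads, one unapproved connection, and the escalated exfiltration finding for the same pid. In a real deployment the event stream would come from the host (eBPF, EDR, audit hooks) and the intent from the agent’s tool-call log, which is the join the page’s divergence engine describes.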
Related: ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
Related: Developers Must Slay the Complexity and Security Issues of AI Coding Tools
Related: ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
Related: From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

Written By Kevin Townsend. Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security, and has had many thousands of articles published in dozens of different magazines, from The Times and the Financial Times to current and long-gone computer magazines.
