A coding agent is a software system that can plan, generate, and modify code with limited human prompting. In governance terms, it is not just a tool but an actor whose permissions, tool access, and rollback path must be managed as part of the delivery process.
Expanded Definition
A coding agent is an autonomous software entity that can interpret a task, plan code changes, execute tools, and sometimes open pull requests or trigger builds. In NHI governance, the key issue is not whether it writes code well, but whether its identity, permissions, and approval path are tightly bounded like any other privileged actor.
Definitions vary across vendors, but the security distinction is consistent: a coding agent is more than code completion because it can act across repositories, CI/CD systems, ticketing tools, and secrets stores. That makes it an NHI with tool scope, session scope, and rollback requirements. The most relevant external framing comes from the OWASP Top 10 for Agentic Applications 2026 and the NIST AI Risk Management Framework, both of which treat autonomous action as a governance and assurance problem, not just a productivity feature.
NHIMG’s OWASP NHI Top 10 and Analysis of Claude Code Security both underscore that agentic coding systems can widen blast radius quickly when tool permissions are left broad. The most common misapplication is treating a coding agent as a low-risk assistant, which occurs when teams grant repo write access and secret-reading permissions without compensating controls.
Examples and Use Cases
Implementing coding agents rigorously often introduces approval latency and tighter change control, requiring organisations to weigh faster delivery against the cost of constrained autonomy.
- A refactoring agent drafts code changes in a feature branch, but merge rights remain with a human reviewer and the agent cannot self-approve.
- An agent opens a patch for dependency upgrades while its access is limited to a single repository and read-only package metadata.
- An internal tool uses a coding agent to generate tests, but the agent is blocked from reading production secrets and cannot access deployment credentials.
- A build-fix agent can inspect CI logs and suggest remediations, yet rollback is handled through a separate, auditable release workflow.
- A pair of controls from the Ultimate Guide to NHIs and 2025 Outlook and Predictions help teams benchmark whether the agent’s privileges are excessive before deployment.
Practical guidance is reinforced by CSA MAESTRO agentic AI threat modeling framework and the broader OWASP agentic guidance, especially where a coding agent can chain prompts into tool calls. A common use case in mature environments is secure code generation inside a controlled sandbox with artifact signing, trace logging, and time-limited credentials.
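As an added illustration (not NHIMG's, OWASP's or any vendor's code), the following Python policy check enforces the controls from the examples above before a tool call is executed: single-repository scope, a tool allowlist, a deny-list for secret and deployment paths, human-only merges to protected branches, and a time-limited credential, with every decision written to an audit trail. The policy field names, agent id, tool names and the sample session are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy for one coding-agent identity (field names are an assumption
# made for this example, not an NHIMG or OWASP schema).
AGENT_POLICY = {
    "agent_id": "refactor-agent-01",
    "repos": {"org/service-a"},                     # single-repository scope
    "tools": {"git.read", "git.push_branch", "ci.read_logs", "pkg.metadata_read"},
    "deny_paths": (".env", "secrets/", "deploy/"),  # secrets isolation; conservative substring match
    "protected_branches": {"main"},                 # merge rights stay with a human reviewer
    "credential_ttl": timedelta(hours=1),           # JIT, time-limited credential
}
@dataclass
class ToolCall:
    tool: str
    repo: str
    issued_at: datetime   # when the credential behind this call was minted
    path: str = ""
    branch: str = ""

def evaluate(call: ToolCall, policy: dict, now: datetime) -> tuple[bool, str]:
    """Decide one tool call against the policy; returns (allowed, reason)."""
    if call.repo not in policy["repos"]:
        return False, "repo outside agent scope"
    if call.tool not in policy["tools"]:
        return False, f"tool '{call.tool}' not on allowlist"
    if call.path and any(p in call.path for p in policy["deny_paths"]):
        return False, "path on secret/deployment deny-list"
    if call.tool == "git.push_branch" and call.branch in policy["protected_branches"]:
        return False, "protected branch: human merge required"
    if now - call.issued_at > policy["credential_ttl"]:
        return False, "credential past TTL"
    return True, "allowed"

def run_session(calls: list[ToolCall], policy: dict, now: datetime) -> list[dict]:
    """Evaluate every call and return an audit trail; denied calls are logged, not executed."""
    return [{"agent": policy["agent_id"], "tool": c.tool, "repo": c.repo, "path": c.path,
             "branch": c.branch, "allowed": ok, "reason": why}
            for c in calls for ok, why in [evaluate(c, policy, now)]]
def demo_session() -> list[dict]:
    """Constructed session: one permitted read, then four attempts the policy must block."""
    now = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    fresh, stale = now - timedelta(minutes=10), now - timedelta(hours=2)
    return run_session([
        ToolCall("git.read", "org/service-a", fresh, path="src/app.py"),
        ToolCall("git.read", "org/service-a", fresh, path="secrets/db.yaml"),
        ToolCall("git.push_branch", "org/service-a", fresh, branch="main"),
        ToolCall("ci.read_logs", "org/service-a", stale),
        ToolCall("deploy.run", "org/service-a", fresh),
    ], AGENT_POLICY, now)
```

Running `demo_session()` returns five audit records; only the first is allowed, and each denial names the control that blocked it.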
Why It Matters in NHI Security
Coding agents matter because they can become privileged intermediaries between ideas and production systems. When their identity is not governed, they often inherit the worst NHI failure modes: secret exposure, excessive privilege, weak traceability, and unclear accountability. NHIMG reports that 97% of NHIs carry excessive privileges, a pattern that becomes especially dangerous when the actor can also modify code or automate deployment steps.
The operational risk is not limited to malicious use. A coding agent that can read environment files, commit changes, and trigger CI may unintentionally propagate sensitive data into logs or artifacts. That is why identity scoping, JIT access, and secrets isolation must be treated as first-class controls rather than implementation details. The same logic appears in the NIST AI Risk Management Framework and the MITRE ATLAS adversarial AI threat matrix, where autonomy changes the threat model.
Organisations typically encounter this consequence only after an agent commits unsafe code, exposes credentials, or ships a broken rollback path, at which point coding-agent governance can no longer be deferred.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 and the OWASP Agentic AI Top 10 address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers secret handling and access scope for autonomous non-human actors. |
| OWASP Agentic AI Top 10 | | Defines risks from autonomous tool use, prompt injection, and unsafe action chaining. |
| NIST AI RMF | | Frames AI systems as governed risks requiring measurement, accountability, and oversight. |
Restrict the agent’s secret access, rotate credentials, and audit tool permissions continuously.