Et Tu, Agent? Did You Install the Backdoor?

https://a16z.com/et-tu-agent-did-you-install-the-backdoor/
  • AI coding agents install malicious dependencies faster than humans can review.
    • Agents pick known-vulnerable package versions 50% more than humans do.
    • Security review window compressed to near-zero in autonomous pipelines.
  • Slopsquatting: attackers register hallucinated package names LLMs keep suggesting.
    • One dummy package hit 30,000 downloads in weeks with zero marketing.
  • Average app has 1,100+ OSS components; basic Next.js pulls 282 before your code.
    • 755 transitive deps in median GitHub JS project — chosen by nobody on the team.
  • Axios attack: hijacked maintainer account, malicious dep, self-deleting RAT.
    • 100M+ weekly downloads; malware phoned home in 89 seconds, then erased itself.
  • TeamPCP worm: one stolen token hit GitHub, Docker Hub, npm, PyPI, VS Code in 8 days.
    • Spread via blockchain C2 across 66+ npm packages.
  • Industry detection avg: 267 days; behavioral scanners (Socket) caught Axios in 6 minutes.
    • CVE databases miss planted backdoors — no CVE entry for novel malware.
  • Fix: move controls to dependency entry point, analyze behavior not CVE lists.
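
One way to place a control at the dependency entry point, as an added example (not code from the a16z article or any tool it names): diff two npm lockfiles and flag every new or changed package before it is installed. It uses the `hasInstallScript`, `resolved` and `integrity` fields of npm's `package-lock.json`; the package names, lockfile contents and blocking policy are constructed assumptions, and this is a metadata gate, not a behavioral scanner.

```javascript
// Constructed sample lockfiles (npm lockfileVersion 3 layout); all names are hypothetical.
const REGISTRY = "https://registry.npmjs.org/";
const before = {
  packages: {
    "": { name: "demo-app", dependencies: { "example-http": "^1.0.0" } },
    "node_modules/example-http": {
      version: "1.0.0", integrity: "sha512-CONSTRUCTED",
      resolved: REGISTRY + "example-http/-/example-http-1.0.0.tgz",
    },
  },
};
const after = {
  packages: {
    "": { name: "demo-app", dependencies: { "example-http": "^1.0.0" } },
    "node_modules/example-http": {
      version: "1.0.1", integrity: "sha512-CONSTRUCTED",
      resolved: REGISTRY + "example-http/-/example-http-1.0.1.tgz",
    },
    "node_modules/example-helper": { // newly pulled in, requested by nobody on the team
      version: "4.2.1", integrity: "sha512-CONSTRUCTED", hasInstallScript: true,
      resolved: REGISTRY + "example-helper/-/example-helper-4.2.1.tgz",
    },
  },
};

// Return one finding per package that is new or changed between two lockfiles.
function reviewLockfileChange(oldLock, newLock, registry = REGISTRY) {
  const root = newLock.packages[""] || {};
  const direct = new Set(Object.keys({ ...root.dependencies, ...root.devDependencies }));
  const findings = [];
  for (const [path, pkg] of Object.entries(newLock.packages)) {
    if (path === "") continue; // the root project entry is not a dependency
    const prev = (oldLock.packages || {})[path];
    if (prev && prev.version === pkg.version && prev.integrity === pkg.integrity) continue;
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const reasons = [prev ? "version-changed" : "new-package"];
    // Nested install paths and names absent from the root manifest are transitive.
    if (!direct.has(name) || path.split("node_modules/").length > 2) reasons.push("transitive");
    if (pkg.hasInstallScript) reasons.push("install-script");
    if (!pkg.integrity) reasons.push("no-integrity");
    if (!pkg.link && !(pkg.resolved || "").startsWith(registry)) reasons.push("off-registry");
    // Assumed policy: hold anything that runs code at install time or bypasses the registry.
    const block = reasons.some(r => ["install-script", "no-integrity", "off-registry"].includes(r));
    findings.push({ name, version: pkg.version, reasons, block });
  }
  return findings;
}

console.log(reviewLockfileChange(before, after));
```

Run as a CI step against the lockfile from the base branch and the one an agent proposes, a `block: true` finding holds the change for human review before `npm ci` executes any install script.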

Joel de la Garza, Malika Aubakirova, and Zane Lackey (a16z) · 2026-04-02


Type Link
Added Apr 2, 2026
Modified Apr 15, 2026