Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector.

Attackers are increasingly targeting the tools, access, and trusted channels used by software developers rather than simply exploiting application bugs. The threats blend technical compromise — malicious packages, development pipeline abuse, etc. — with social engineering and AI-driven attacks.

“Attackers are no longer just trying to break into the network; they are trying to break into the workflow,” says Chris Wood, principal application security SME at cybersecurity firm Immersive. “By compromising the tools developers trust implicitly, like extensions and package registries, they can poison the well before a single line of code is written.”

The tokens, API keys, cloud credentials, and CI/CD secrets held by software developers unlock far broader access than a typical office user account, making software engineers a prime target for cybercriminals.

“They [developers] hold the keys to the kingdom, privileged access to source code and cloud infrastructure, making them a high-value target,” Wood adds.

Security experts quizzed by CSO said the threat against software developers can be broken into several categories, including: malicious extensions, IDE plugins, and tools; supply chain and dependency attacks; credential theft and environment compromise; social engineering; and AI risks in software development workflows.

Malicious utilities poison the ecosystem

Darren Meyer, security research advocate at application security firm Checkmarx, sees most attacks targeting developers as “low-effort” and untargeted.

For example, attackers plant tainted open-source packages on typosquatting domains to trick developers into installing malicious versions of popular utilities.

But spray-and-pray efforts are only part of the story. More targeted attacks are also in play, such as the Shai-Hulud worm hack against GitHub and other software development platforms, a recent assault against npm package Chalk, and attempts to compromise the Visual Studio Code plugin ecosystem, Meyer warns.

Meyer’s warning about tainted open-source packages is backed up by a recent study by DevSecOps firm Sonatype that identified 1.233 million malicious packages.

Known vulnerable components also pose a massive risk. Four years after the flaw was patched, versions of Log4j vulnerable to Log4Shell were downloaded 42 million times last year, according to Sonatype’s latest State of the Software Supply Chain report.

Credential theft and environment compromise

Attackers aren’t just looking for flaws in code — they’re looking for access to software development environments.

Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.

“Improperly stored access credentials are low-hanging fruit for even the most amateur of threat actors,” says Crystal Morin, senior cybersecurity strategist at cloud-native security and observability vendor Sysdig.

Malicious insider threats

Attackers are also looking for ways to infiltrate targeted enterprises by posing as software development contractors or remote hire workers.

Fake worker schemes, a popular tactic spearheaded by North Korean threat actors, rely on using technically skilled individuals with falsified identities who use social engineering trickery to fool victims into hiring them. Once inside, these moles steal data and sensitive secrets that serve as collateral for blackmail scams, among other ruses.

“We’ve also seen threat actors pretend to be maintainers and commit malicious code to open-source projects with the goal of infecting users of popular packages, which was the case with the XZ Utils backdoor (CVE-2024-3094),” says Sysdig’s Morin.

Software supply chain risks

A compromised dependency such as a shared software library can taint the code of any developer that relies on it, leading to a large and growing software supply chain risk.

Gavin Millard, VP of intelligence at exposure management company Tenable, says threats from the software supply chain have supplanted exploits to become the greatest systemic cybersecurity risk.

Software supply chain risks mean the attack surface has expanded beyond traditional vulnerabilities and stolen credentials to the hijacking of maintainer accounts on platforms such as npm or PyPI.

“As evidenced by the recent S1ngularity and npm maintainer hijacks, a single poisoned update in a common library can achieve more in minutes than a year spent sending targeted phishing messages or scanning the internet for exposed systems,” Millard tells CSO.

Abusing the supply chain offers a “force multiplier” for any adversary, he adds.

“For a mainstream user, a breach is a data leak, but for a developer, it’s a poisoned well that could infect every application they develop and every user of their products downstream,” Millard explains.

Concerns about the resilience of supply chains against cyberattacks are growing. The World Economic Forum’s latest annual Global Cybersecurity Outlook report shows that 65% of large enterprises report that third-party and supply chain vulnerabilities are their greatest challenge, a figure that has risen from 54% in 2025.

“Developers routinely pull code from public registries, install third-party dependencies, grant automation broad permissions and publish artefacts that downstream systems implicitly trust,” says Christopher Jess, senior R&D manager at application security firm Black Duck.

“Attackers are exploiting that reality by shifting left into the developer toolchain by poisoning open-source packages, typosquatting popular libraries, publishing malicious extensions into IDE marketplaces, and targeting build systems where a single compromised pipeline can affect every environment,” he adds.

Blended threat model

Attackers have also begun blending technical compromise with social engineering to increase the potency of their attacks, Jess notes.

“A malicious package may be seeded with subtle backdoors, then amplified through convincing outreach with fake maintainer messages, urgent security-fix pull requests, or impersonation of trusted collaborators to accelerate adoption,” Jess explains.

“AI is raising the scale and precision of these attacks: phishing and pretexting can be more contextual — matching repo names, commit history, and team roles — and adversaries can generate plausible code changes or documentation that reduce suspicion during review,” he says.

AI-assisted development increases exposure

AI-assisted development and “vibe coding” are increasing exposure to risk, especially because such code is often generated quickly without adequate testing, documentation, or traceability.

Jamie Beckland, chief product officer at cybersecurity firm APIContext, warns that as software development teams adopt AI agents and Model Context Protocol (MCP) servers, a new, growing risk is tool sprawl with opaque permissions.

“MCP servers can be modified by adding tools designed to exfiltrate data from internal APIs, data stores, or SaaS systems,” Beckland says. “The risk isn’t just the LLM model, it’s the tooling surface area and what those tools can reach.”

“Monitoring MCP servers for changes in the tool infrastructure, and the data access rights of the server, is critical to verify changes in tools and requests.”
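
One way to monitor for the tool changes described above, shown as an added example rather than code from APIContext or any MCP project: fingerprint each tool definition in an MCP `tools/list` result and compare it with an approved baseline. The tool names, schemas and helper functions are constructed for illustration.

```python
import hashlib
import json


def fingerprint(tool):
    """SHA-256 over the fields that define what a tool is and what it accepts."""
    material = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def snapshot(tools_list_result):
    """Map tool name -> fingerprint for one tools/list result."""
    return {t["name"]: fingerprint(t) for t in tools_list_result["tools"]}

def diff_tools(baseline, current):
    """Compare an approved snapshot with the currently observed one."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(n for n in set(baseline) & set(current)
                          if baseline[n] != current[n]),
    }

# Constructed tools/list results; tool names and schemas are invented.
APPROVED = {"tools": [
    {"name": "search_tickets", "description": "Search the ticket system.",
     "inputSchema": {"type": "object",
                     "properties": {"query": {"type": "string"}}}},
    {"name": "get_build_status", "description": "Read CI build status.",
     "inputSchema": {"type": "object",
                     "properties": {"build_id": {"type": "string"}}}},
]}
OBSERVED = {"tools": [
    # Same name as the approved tool, but the schema accepts a new parameter.
    {"name": "search_tickets", "description": "Search the ticket system.",
     "inputSchema": {"type": "object",
                     "properties": {"query": {"type": "string"},
                                    "export_to": {"type": "string"}}}},
    {"name": "get_build_status", "description": "Read CI build status.",
     "inputSchema": {"type": "object",
                     "properties": {"build_id": {"type": "string"}}}},
    {"name": "sync_records", "description": "Sync records to a remote store.",
     "inputSchema": {"type": "object", "properties": {}}},
]}

if __name__ == "__main__":
    print(diff_tools(snapshot(APPROVED), snapshot(OBSERVED)))
```

Hashing the schema along with the name catches a tool that keeps its approved name while widening what it accepts, which a name-only allow list would miss.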

Pieter Danhieux, CEO and co-founder of cybersecurity education firm Secure Code Warrior, adds that MCPs and AI agents are fertile ground for attackers because it is easy to “purposely introduce an insecure prompt or insert AI-augmented malicious code.”

“Additionally, we’ve seen threat actors exploit user identity in new ways, namely with the confused deputy vulnerability where threat actors will fool AI agents into taking unauthorized actions on behalf of the user,” Danhieux says.

Sonatype’s analysis of 37,000 recommendations shows that GPT-5 hallucinated 27.8% of component versions and even suggested actual malware packages in some cases, a statistic that emphasises the need for human code review.

According to BaxBench, 62% of the solutions generated even by the best large language models (LLMs) are either incorrect or contain a security vulnerability, highlighting that LLMs cannot yet generate deployment-ready code.

CISOs need to “stop obsessing over individual vulnerabilities and start mastering their total exposure, including the provenance of the shared libraries automatically pulled in via AI code assistants,” Tenable’s Millard says.

Countermeasures

For CISOs, hardening software development environments requires a blend of technical controls, security education, and a security-aware culture.

Tighter identity verification checks, credential hygiene, and least-privilege access to data are steps toward building greater security maturity into software development practices.

“Well-known solutions to these problems include isolating workspaces in containers, centralizing image and secret management, and enforcing regular audits and procedure logging, all of which can effectively reduce the danger,” says Eric Paulsen, CTO for EMEA at software development platform provider Coder.

Best practice has always been to pin workflow actions against immutable SHA hashes stored on tamper-proof hardware modules, according to David Sugden, head of engineering at digital transformation consultancy Axiologik.

“Similarly, allow lists, secrets scanning, and software composition analysis continue to form DevSecOps baselines that increase protection,” Sugden says. “Gating direct access to external dependencies offers protection against malicious packages and versions, as well as preventing downloads for older, insecure packages.”

Michael Burch, application security advocate at cybersecurity training firm Security Journey, emphasizes the importance of offering software developers continuous, hands-on training.

“Developers need realistic exercises that demonstrate impact. Allow them to see how systems fail and empower them to fix issues themselves,” Burch advises.
