Software supply chain attacks have plagued crypto for years — DNS hijacks, npm package typosquats, backdoored dependencies. But a new wave of AI coding agents is quietly redefining the problem, shifting the conversation from 'which app should I install?' to 'why run someone else's app at all?'
The old trust model is showing cracks
The current software trust model relies on executing someone else's code. All the security measures — permissions, sandboxing, code signing — exist because that act is inherently dangerous. The risk perception is shifting in a way similar to how societies came to see drinking and driving or smoking indoors as reckless rather than normal.
AI agents that write code on demand may make running code written by strangers feel just as reckless. The logic is simple: if an agent can build the function for you, why would you install an opaque binary from an unknown developer?
SolarWinds and XZ Utils: a pattern
The SolarWinds compromise demonstrated how malicious code can be inserted into a trusted build process and distributed through normal updates to government agencies and technology firms. That wasn't a one-off. In March 2024, CISA warned about the XZ Utils backdoor — malicious code embedded in versions 5.6.0 and 5.6.1 of a compression library, disguised in a test file and smuggled through build-process manipulation. It spread across Linux distributions through routine channels.
In crypto, the same pattern shows up: DNS exploits that redirect wallet downloads, npm packages with hidden coin stealers. An attack can originate far upstream and arrive through something as mundane as a library update.
Industry frameworks like NIST's Secure Software Development Framework and SLSA (for provenance, integrity, and tamper resistance) try to shore up the process. But they don't change the fundamental fact that you're still running someone else's code.
AI agents flip the default question
The next model of software reduces the amount of outside code that needs to be trusted. Instead of asking 'which app should I install?', the question becomes 'why should I run someone else's app when my agent can build the function for me?'
Several early examples are already here. OpenAI Codex now has a UI option focused on chats and outputs rather than code and terminals. Claude Code maps a codebase, changes files, runs tests, and commits. GitHub Copilot handles asynchronous work on issues and pull requests. Google Jules is an autonomous coding agent. They all let a user describe a workflow, and the agent generates the interface, logic, integrations, tests, and execution path.
The artifact can be temporary or long-lived. The app becomes a disposable expression of intent — something built for a task and discarded.
Crypto's supply chain problem
For crypto, this shift matters because trust is the scarcest resource. Smart contracts, wallets, and DeFi frontends are all third-party code that users run with real money. A single malicious dependency can drain millions.
AI-generated code still needs to be secure — agents can write bugs too. But the model changes the vector: instead of trusting a whole package from an anonymous publisher, you trust the agent's training, its sandbox, and your own prompt. The attack surface narrows, but it doesn't disappear.
The next concrete development to watch is whether any crypto project begins shipping agent-audited or agent-generated code as a default. A few exchanges and protocols are already experimenting with AI-assisted contract generation. The question is whether that future arrives fast enough to head off the next supply chain disaster.




