
2026-03-16

Medium | Operator report

AI Coding Agents Accidentally Introduced Vulnerable Dependencies

An operator report tied AI-assisted code to a vulnerable Next.js dependency, showing why critical dependency risk needs deploy approval.

Claude Code / OpenAI Codex + Next.js | Production deletion | Vulnerable dependency deployment | Next.js application / dependency graph

What happened

An operator reported that AI-assisted coding tools generated an application that pinned a vulnerable Next.js dependency later exploited through CVE-2025-29927.

Why it matters

The operator reported a production server running a cryptominer after an automated scanner reached an internal endpoint that middleware was supposed to protect.

Missing authorization check

A production deploy containing a critical auth-bypass dependency should have required an approval path that surfaced the dependency risk before release.

Would Permission Protocol block it?

Deploy Gate can require a human receipt when a PR introduces known critical dependencies. Runtime exploitation still needs vulnerability scanning and environment isolation.

Incident analysis

Timeline and technical read

Timeline

  1. 2026-03-16

    An operator linked AI-assisted coding output to a vulnerable Next.js dependency in production.

  2. After deploy

    The reported vulnerability path was exploited and the production server ran a cryptominer.

  3. Permission boundary

    The authorization check belongs before deploying a PR that introduces known critical dependency risk.

Technical breakdown

  • The agent did not need to delete data to create production risk; dependency choice was enough.
  • The missing check was a deploy policy that surfaced CVE severity before release.
  • Permission Protocol can require a named signer for high-risk dependency changes when the signal is present in the protected workflow.
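
One way to express the deploy policy described above, as an added example that is not Permission Protocol's code: it compares a PR's resolved dependency versions against the base branch and blocks when a changed dependency matches a critical advisory without a named signer's receipt. The function names, the receipt shape and the 900.x version bounds are assumptions constructed for illustration; real affected ranges come from an advisory feed.

```javascript
// Added example: deploy-gate check for dependency changes in a PR.
// Advisory bounds below are CONSTRUCTED placeholders (900.x), not the real
// affected range for CVE-2025-29927; load real ranges from your advisory feed.
const ADVISORIES = [
  { id: "CVE-2025-29927", pkg: "next", severity: "critical",
    introduced: "900.0.0", fixed: "900.1.0" },            // constructed bounds
  { id: "EXAMPLE-LOW-0001", pkg: "left-pad-example", severity: "low",
    introduced: "1.0.0", fixed: "1.0.3" },                // constructed advisory
];

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
// An unparseable version throws, so the gate fails closed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Resolved versions the PR adds or changes relative to the base branch.
function changedDependencies(base, head) {
  return Object.entries(head)
    .filter(([name, version]) => base[name] !== version)
    .map(([name, version]) => ({ name, version }));
}

// base/head: { packageName: resolvedVersion } taken from the lockfile.
// receipt (hypothetical shape): { signer: "name", approves: ["CVE-..."] };
// verifying the receipt's signature is assumed to happen before this call.
function evaluateDeployGate(base, head, receipt = null, advisories = ADVISORIES) {
  const findings = [];
  for (const dep of changedDependencies(base, head)) {
    for (const adv of advisories) {
      if (adv.pkg !== dep.name) continue;
      const affected = compareVersions(dep.version, adv.introduced) >= 0 &&
                       compareVersions(dep.version, adv.fixed) < 0;
      if (affected) findings.push({ ...dep, id: adv.id, severity: adv.severity });
    }
  }
  const critical = findings.filter((f) => f.severity === "critical");
  const unapproved = critical.filter(
    (f) => !(receipt && receipt.signer && (receipt.approves || []).includes(f.id)));
  return { decision: unapproved.length ? "block" : "allow", findings, unapproved };
}
```

The check only sees dependencies the PR adds or changes, so a package that is already vulnerable on the base branch passes it unflagged.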

Authorization boundary

Where the authorization boundary should have been

This incident is categorized as Production deletion. The relevant Permission Protocol gate is Deploy Gate. The read is conditional: the block only applies where the real action boundary is routed through a gate.

If enforced at: Protected PR or deploy workflow with dependency policy
Still needs: Direct deploys and runtime exploit detection
Receipt required for: Deploying a critical vulnerable dependency

Would block if dependency/CVE risk were part of the protected PR or deploy gate; it would not stop an unreviewed direct deploy by itself.

Start small

Put the relevant gate at this action boundary.

This incident maps to Deploy Gate. Start with the boundary that controls the actual action, then require a signed receipt before execution.
