New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
Edamame Technologies launches a runtime verification platform that uses host telemetry and AI analysis to detect malicious behavior in AI coding agents.

France-based startup Edamame Technologies has unveiled a runtime security platform designed to detect when AI coding agents deviate from their intended behavior, a phenomenon known as 'code drift.' The platform monitors for intent drift, secret theft, and supply-chain attacks in real time, addressing the emerging risk of compromised or misused AI coding assistants.
Developers are increasingly using AI coding agents to accelerate software development, but these agents can diverge from the developer's initial intent, either organically or due to attacker-poisoned assets. This divergence can lead to the exfiltration of tokens, SSH keys, CI secrets, source code, or developer wallet material. Traditional security tools often trust the agent's output, allowing malicious activity to go unnoticed.
Edamame's solution is a host-side runtime evidence layer that performs runtime verification and attack-pattern detection for coding agents. It comprises six modules: Edamame Security (workstation trust anchor); Edamame Posture (CLI and host control surface); Agent integrations (supporting Cursor, Claude Desktop, Claude Code, Codex, and OpenClaw); Divergence engine (joins coding-agent intent with host telemetry); Attack-pattern detection engine (runs CVE-aligned checks for credential harvest, token exfiltration, etc.); and Edamame Hub (fleet-wide visibility).
The platform not only detects intent drift but also identifies supply-chain attacks reaching developer workstations through coding agents. For example, while it would not have prevented the Axios npm RAT from running, it would have detected its presence immediately after delivery by spotting suspicious activity such as beaconing to a C2 server or attempts to read tokens and SSH keys.
Edamame is backed by individual investors who are executives at Netskope, UiPath, and Sonar. The company's approach brings runtime verification and attack detection into the environments where developers and agents already work, rather than bolting on another interface to the SDLC.
As AI coding agents become the execution layer for software delivery, the security question shifts from 'is this developer trusted?' to 'did the agent stay inside the operator's intent?' Edamame measures that divergence from host telemetry and alerts immediately when evidence shows intent drift or concrete attack patterns.