The Security Layer That Fits the Way AI Teams Actually Ship
If agents are writing most of your code, security has to move from a late gate to a fast feedback loop. Here's the stack that works in practice.
Why security keeps ending up at the wrong point in the workflow
Most teams still run security at the point where it's most expensive: right before release, after the merge queue is full and launch pressure is high. That model already struggled with human-only coding. With Claude Code and Cursor producing larger diffs faster, it breaks completely.
A common example: an agent adds a billing webhook, an admin endpoint, and a data export path in one task. The PR passes unit tests and gets approved. Two days later, a scanner run in staging flags seven issues, four are noise, one is real, and nobody knows which one to fix first. Engineering delays release or ships with risk.
This isn't a tooling failure; it's a placement failure. Security findings arrive too late, too noisy, and too disconnected from the commit that introduced the bug.
The four layers (production scanning, PR review, pre-commit/post-task CLI, generation time) and where we sit
Think of shift-left as a stack, not a single control. Layer 1 is production scanning: valuable for detection and incident response, but it's the latest and most expensive place to find defects. Layer 2 is PR review scanning: better, but still easy to ignore if alerts are high-volume and low-confidence.
Layer 3 is where velocity and signal start to align: local CLI checks at pre-commit and post-task boundaries. You catch issues before they hit the PR, and the output can feed directly back into the agent loop. Layer 4 is generation-time guardrails while the agent is writing code: best for preventing known bad patterns, but incomplete on its own.
We sit primarily in Layer 3 with a bridge into Layer 2 and runtime verification: composed CLI in the developer loop, structured findings in PR context, and exploit confirmation against staging so teams act on evidence, not guesses.
Why the CLI + hooks model is the right fit when agents are writing the code
Agents already operate on tight loops: write code, run checks, patch, repeat. Security has to plug into that same loop or it gets bypassed. The composed CLI does that with deterministic behavior agents can consume: exit code, JSON output, exact file and line.
In practice, teams wire a pre-commit hook to block obviously risky diffs and a post-task hook to run a broader scan after Claude Code or Cursor completes a task. If the hook returns a verified finding, the agent gets actionable data immediately instead of a vague 'potential vulnerability' comment hours later in PR review.
Example: Cursor generates a route handler that concatenates req.query.user_id into SQL. Post-task hook returns a finding with payload and evidence. The agent replaces it with parameterized queries, reruns, and exits clean before a human even sees the PR.
What verified exploitability changes about the whole loop
Verified exploitability collapses argument time. Instead of debating severity labels, teams look at proof: payload sent, endpoint hit, response observed. That shifts security from policy discussion to engineering execution.
It also improves agent behavior. When Claude Code or Cursor gets a finding that includes exploit evidence, remediation is targeted. Without that, agents often patch symptoms and miss the actual sink path.
The downstream effect is measurable: fewer ignored alerts, faster time-to-fix, and cleaner PR reviews because only real issues survive the loop. For teams shipping weekly or daily, that is the difference between 'security process' and security that actually ships with the product.
Run Composed on your last 10 PRs.
Apply for design partner access and we’ll show which findings are real, exploitable, and worth fixing — free.
Run it on 10 PRs →