Mitigating Indirect AGENTS.md Injection Attacks in Agentic Environments

AI tools are significantly accelerating software development and changing how developers work with code. These tools serve as real-time copilots, automating repetitive tasks, executing tasks, writing documentation, and more. OpenAI Codex, for example, is a coding agent designed to assist developers through tasks like code generation, debugging, and automated pull request (PR) creation. Yet as agentic tools are integrated into workflows, how they affect the safety, reliability, and integrity of software development must be considered. A recent Codex vulnerability discovered by the NVIDIA AI Red Team highlights security gaps from indirect AGENTS.md injection through malicious dependencies. While this attack relies on a compromised dependency, meaning the attacker already has a form of code execution, it illustrates a new dimension of supply chain risk unique to agentic development environments. This post walks through the attack chain step-by-step—from dependency setup to instruction…