This article explores how AI coding agents (GitHub Copilot, Claude Code, etc.) operating in CI/CD environments introduce novel security risks that traditional EDR solutions can't detect. The key insight: these agents have elevated privileges to create branches, open PRs, and execute code based on natural language instructions - but organizations have zero visibility into what they're actually doing behind the scenes. The post highlights real attack scenarios where agents can be manipulated through behavioral exploitation rather than direct compromise. For example, tricking an agent into generating subtle vulnerabilities in PRs that human reviewers might miss, or having them trigger malicious workflow runs through seemingly innocent issue comments. Most interesting is the "context gap" problem - traditional security tools see low-level system calls but miss the AI decision chain that led to those actions. When an agent downloads from gist.githubusercontent.com, is it fetching legitimate dependencies or malicious code? Without CI/CD-aware monitoring, you can't tell. The article is part of a series examining these risks and demonstrating runtime monitoring approaches specific to AI-powered development workflows.