Two converging intelligence items this week confirm that AI coding tools and autonomous agent frameworks have moved from theoretical to demonstrated attack surfaces. First, Pwn2Own Berlin 2026 included successful code injection against Cursor AI and OpenAI Codex. Second, the broader AI coding assistant threat story documents that AI-generated code introduces exploitable flaws (SQL injection, missing authentication, OS command injection) faster than human review processes can catch them, while autonomous agents can discover and act on those flaws without human direction.