Security in an agentic world
How Privy approaches control, key management, and safe transaction execution at the speed of software
Aaron Lintile
|May 11, 2026
Agents are changing how software gets built. Entire production integrations can now be generated in a single pass. What used to take days now takes hours, lowering the cost of shipping and expanding what a single team can do.
But that same acceleration isn’t just happening on the builder side. It’s happening on the attacker side too.
In April, a malicious version of a small npm package, pgserve, appeared in the registry. It scanned for publish tokens on the developer’s machine, identified every package they had access to, and quietly pushed compromised versions back to npm. If it found credentials for other ecosystems, it didn’t stop there.
This wasn’t a one-off. Just weeks earlier, a backdoor was introduced into the widely used Axios package, which sees tens of millions of downloads every week. The window of compromise lasted only a few hours, but that was enough for the malicious code to reach real production environments.
Around the same time, multiple supply chain attacks hit npm, PyPI, and Docker Hub within a 48-hour span. Three campaigns in that window shows that this isn’t an outlier, but increasingly the baseline.
This is what it looks like when attackers start to operate with the same speed and leverage as modern development teams. Producing production-ready code no longer requires direct human oversight. In many cases, it’s the actor itself, able to propagate and execute on its own.
At Privy, we think about this shift through a simple lens: as software becomes more autonomous, the systems that control it need to become more extensible and more precise.
Security at Privy in an increasingly agentic world
The real gap isn’t in AI versus attackers, but in between code shipped and code secured.
AI is accelerating how quickly software gets written, reviewed, and deployed. The former is growing fast, but the latter has not kept up.
Most teams are still operating on security cadences designed for a slower world. Penetration testing is often annual. Dependency audits happen periodically. SBOMs, or software bills of materials, which track all the dependencies that make up an application, are still reviewed on a lag at most companies.
Privy operates on a tighter cadence, with regular third-party penetration testing and public reporting. But even with more frequent testing, the broader pattern holds: most security processes weren’t built for an environment where both code and attacks can propagate in minutes, not hours or days.
Part of what makes this gap so risky is how much authority modern systems grant by default. In many environments, credentials function as bearer tokens. Once exposed, they allow immediate and often broad access across systems.
Instead of treating security as a periodic checkpoint, we treat it as part of the execution layer itself.
This shows up in a few ways:
Security processes that run continuously, not annually
Systems that assume dependencies and environments can be compromised
Controls that are enforced at the moment of action, not just reviewed ahead of time
When code can be generated and shipped in a single pass, security can’t rely on scheduled reviews alone. It has to move with the same speed and precision as the systems it’s protecting.
From checklist to continuous enforcement
Matching the pace of modern attacks requires rethinking where security lives in the development process, not just adding more to a checklist.
This doesn’t mean every team needs frontier models or a dedicated security org. It does mean shifting toward controls that operate continuously and automatically:
Verifying what’s being installed, not just trusting dependencies
Tracking changes across your dependency graph in real time, not on a schedule
Treating secrets as short-lived and observable, not static and invisible
Enforcing clear rules around what code and systems are allowed to do once deployed
The common thread is simple: security has to move from periodic review to continuous enforcement. Because when both code and attacks can propagate in hours, anything that relies on a human checkpoint will lag behind.
Applying this to wallets
This shift becomes even more important when software is directly controlling assets. As wallets become the account layer for modern applications, they’re no longer just holding keys. They’re authorizing real transactions, often programmatically, across systems that are increasingly automated. That changes the security model entirely.
At Privy, we’ve built our wallet infrastructure around this reality:
Keys are never exposed or stored in full, but isolated in secure environments
Signing happens within controlled hardware-secured boundaries, not in application code
Access is defined through programmable policies, not implicit trust
Every transaction can be constrained by rules, approvals, and limits
This isn’t about adding another layer of protection, but about embedding control directly into how transactions are executed.
Because if the deployment pipeline is becoming a transaction layer, the systems behind it need to assume failure and contain it by default.
If you’re building in this new environment, where code and attacks both move faster than ever, security has to be part of how your system operates from the start.
Learn more about Privy’s approach to security in our docs and security page.
