
How to detect credential theft in AI agent harness traces

Blog post from Arize

Post details
Company: Arize
Date published:
Author: Nancy Chauhan
Word count: 2,582
Language: English
Summary

The post, published in June 2026, describes how to detect credential theft in the traces an AI agent harness emits. It was written in response to a series of supply-chain attacks in May 2026 against AI coding tools, including Claude Code and VS Code extensions, that stole developer credentials: npm, AWS, GitHub and SSH keys. The compromised tools carried malicious code that ran again every time a developer opened the editor, so the attack targeted the agent toolchain itself rather than any one project.

In response, the author built a monitor on Arize AX that inspects agent traces for a file-access pattern the post calls "off-tree reads": a tool call that reads a file outside the project workspace, which is where credential files live rather than in the repository being edited. The broader argument is that tracing and monitoring agents is a security control in its own right, complementing rather than replacing other protections, and that managing the AI tool supply chain calls for a layered defence.
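The detection idea in the summary, an off-tree read check over agent tool-call spans, as an added illustration that is not the post's or Arize's monitor code. It assumes traces have already been exported as a list of span dicts with `tool`, `path` and `span_id` keys (the attribute names, the tool names `read_file`/`view_file`, the workspace path and the sample spans are all constructed here; Arize AX's real span schema will differ). It also goes slightly beyond the summary by raising severity when the resolved path matches a conventional credential location for the credential types the post names.

```python
import posixpath

# Constructed sample workspace and home directory (assumptions).
WORKSPACE = "/home/dev/projects/webapp"
HOME = "/home/dev"

# Tools whose spans carry the file path the agent read (assumed tool names).
FILE_READ_TOOLS = {"read_file", "view_file"}

# Conventional locations of the credential types the post says were stolen
# (npm, AWS, GitHub, SSH). A hit raises the finding's severity; the list is
# an assumption, not something the post enumerates.
CREDENTIAL_HINTS = (
    "/.npmrc", "/.aws/credentials", "/.ssh/", "/.git-credentials",
    "/.netrc", "/.config/gh/hosts.yml",
)


def resolve_path(raw, workspace, home):
    """Turn a tool call's path argument into an absolute, normalized POSIX path.

    Handles "~", relative paths (resolved against the workspace) and ".."
    components, so "../../.npmrc" cannot hide behind a relative spelling.
    """
    if raw == "~" or raw.startswith("~/"):
        raw = home + raw[1:]
    if not posixpath.isabs(raw):
        raw = posixpath.join(workspace, raw)
    return posixpath.normpath(raw)


def is_off_tree(resolved, workspace):
    """True when the resolved path lies outside the workspace root.

    The "/" suffix matters: "/w/webapp-old/x" must not count as inside
    "/w/webapp" just because it shares a string prefix.
    """
    root = posixpath.normpath(workspace)
    return resolved != root and not resolved.startswith(root + "/")


def scan_trace(spans, workspace, home):
    """Return one finding per file-read span that reaches outside the workspace."""
    findings = []
    for span in spans:
        if span.get("tool") not in FILE_READ_TOOLS:
            # Reads issued through a shell tool ("cat ~/.ssh/id_ed25519") carry
            # no path attribute and would need command parsing; not covered here.
            continue
        resolved = resolve_path(span["path"], workspace, home)
        if not is_off_tree(resolved, workspace):
            continue
        severity = "high" if any(h in resolved for h in CREDENTIAL_HINTS) else "medium"
        findings.append({
            "span_id": span["span_id"],
            "tool": span["tool"],
            "requested": span["path"],
            "resolved": resolved,
            "severity": severity,
        })
    return findings


# Constructed sample spans from one agent turn (not real trace data).
SAMPLE_SPANS = [
    {"span_id": "s1", "tool": "read_file", "path": "src/app.py"},
    {"span_id": "s2", "tool": "read_file", "path": "../../.npmrc"},
    {"span_id": "s3", "tool": "read_file", "path": "~/.aws/credentials"},
    {"span_id": "s4", "tool": "read_file", "path": "/etc/hosts"},
    {"span_id": "s5", "tool": "read_file", "path": "/home/dev/projects/webapp-old/config.py"},
    {"span_id": "s6", "tool": "view_file", "path": "./docs/../README.md"},
    {"span_id": "s7", "tool": "bash", "path": "cat ~/.ssh/id_ed25519"},
    {"span_id": "s8", "tool": "read_file", "path": "/home/dev/.ssh/id_ed25519"},
]


if __name__ == "__main__":
    for f in scan_trace(SAMPLE_SPANS, WORKSPACE, HOME):
        print(f"{f['severity']:6} {f['span_id']} {f['tool']}: {f['requested']} -> {f['resolved']}")
```

Spans s2, s3, s4, s5 and s8 are flagged; s1 and s6 resolve inside the workspace and s7 is skipped because a shell command is not a file-read tool call. That last gap is the caveat a practitioner would check before relying on a monitor like this: a harness that lets the agent run arbitrary shell commands exposes the same credential files through a different span type, so the shell tool's command string needs its own parser.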