Dev Machine Guard: StepSecurity's open-source scanner for the AI agent attack surface

StepSecurity has launched Dev Machine Guard, an open-source bash script that inventories the AI tooling installed on developer machines. It scans for agents including Claude Code, OpenAI Codex CLI, Gemini CLI, Kiro, and Aider, alongside MCP server configurations, IDE extensions for VS Code and Cursor, and optionally Node.js packages across npm, yarn, pnpm, and bun. The project is at version 1.8.1 under Apache 2.0.

The pitch to security teams is straightforward: traditional EDR and MDM solutions — Jamf, Kandji, Intune — have no visibility into the developer tooling layer, even as developer machines hold GitHub tokens, cloud credentials, and SSH keys while executing code sourced from AI agents, MCP servers, and third-party extensions. The attacks that make this argument concrete are real. Malicious VS Code extensions have been caught exfiltrating credentials; rogue MCP servers can silently read codebases and intercept tool calls. Dev Machine Guard produces terminal, JSON, or HTML reports, designed to complement existing security stacks rather than replace them.

The free community edition runs entirely locally — no data leaves the machine — and requires only bash, with optional jq and perl for richer output. The enterprise tier adds a StepSecurity-hosted centralized dashboard, policy enforcement and alerting, scheduled scans via launchd, and MDM-based fleet deployment. StepSecurity has committed to a single open-source codebase: enterprise customers run the identical script, with the commercial layer consisting of backend infrastructure rather than closed-source scanning logic.

The question security teams will reasonably ask is how this compares to existing software composition analysis tools. Socket.dev and Syft both address supply chain risk across Node.js and broader package ecosystems, but neither is purpose-built for the AI agent layer — MCP server configs, agent binaries, and IDE extensions sit outside their scope. Dev Machine Guard's coverage is narrower in some respects and wider in others, and it remains to be seen how rigorously it will be maintained as the tooling landscape shifts. Open feature requests include Windows support, JetBrains detection, and AI skill file scanning, which gives some indication of how much of this problem is still being mapped in real time.