Most enterprise AI discussions focus on agents in production. The bigger shift is upstream: software is now being written by agents, not developers. That introduces three security problems no existing category solves — the supply chain of tools the agent depends on (MCP servers, skills, plugins), the behavior of the agent at runtime (tool calls, shell access, network traffic), and the output the agent ships (code that compiles and passes tests but fails at authorization, trust boundaries, and business logic). This session walks through all three using Snyk’s Agentic Development Security framework, launched in June, and explains why the enforcement point is the code layer — not the cloud. We’ll close with what the EU AI Act’s Article 9 adversarial testing and Article 13 audit trail requirements mean for procurement in the second half of 2026, and why enterprises are being asked to prove agentic governance before they can scale deployment. Snyk knows security. Agents know the app. Neither works alone.