An AI assistant does not need to “go rogue” to create a security incident. It only needs to follow the wrong instruction. A developer at a mid-sized financial firm opens her AI coding assistant on a Tuesday morning and points it at a repository to refactor a module. The assistant reads the files, including a configuration file that a contractor checked in weeks earlier. Inside that file, in a comment no human would read closely, is a block of text that is not a comment at all. It is an instruction. And the assistant, unable to tell the difference between the developer it works for and the attacker who wrote that line, follows it. Nothing alarms. No tool flags it. The assistant is doing exactly what an assistant does — reading files, making requests, and moving data. By the time anyone would think to look, the data it was quietly gathered was already gone. That scenario is not hypothetical anymore.…