What a Hackathon Reveals About AI Agent Trends to Expect in 2026
Emerging trends we noticed from the AWS AI Agent Hackathon.
Jayson DeLancey
Braden Riggs
November 25th, 2025
Over 250 developers gathered on a foggy autumn day in San Francisco to build 50+ projects in an effort to win a prize. Using tools like AWS Bedrock, Anthropic, Vanta, and Semgrep, teams built security agents to fit the theme of Cybersecurity Awareness Month at the AWS AI Agents Hackathon. The theme urged teams to push the envelope on handling sensitive data, implement proper security controls, and strive for enterprise-grade security solutions. From these projects, a few trends emerged to empower invention and remove friction from developing secure solutions fast.
Events like this provide a clear signal for understanding trends in software development, artificial intelligence, and the cybersecurity tools that forward-looking developers use to solve problems when under pressure to ship.
Some of the trends that emerged:
The role of MCP and creating AI agents
Combining multiple LLMs into a workflow
LLMs that encourage best practices
Vibe coding securely in a browser
Malicious IDE Extensions and MCP Servers
The projects that demonstrated these trends are discussed in more detail below.
Trend 0: Agentic AI and the Role of MCP
Model Context Protocol (MCP) has indisputably become the backbone of agentic workflows. MCP standardizes how AI agents access tools, context, and development environments. While attackers have begun experimenting with malicious MCP servers, the protocol’s benefits far outweigh the risks when implemented with strong best practices (review the Security Engineer’s Guide to MCP).
Adding a security agent directly integrated into the development environment when writing software is going to be the most effective way to address security vulnerabilities. The gospel of shift left and security guardrails has long advocated for development teams to address security earlier in the process and MCP finally gives us a foundation for achieving it.
By building an MCP server for Semgrep, teams at the event were able to add security scans into their code creation process – whether the source code was generated by an LLM or lovingly crafted by a software engineer. Teams used a variety of IDEs including Cursor, Claude Code, GitHub Copilot, Windsurf, and within each of them Semgrep was there to scan the generative AI results.
The server can even be run locally using the Semgrep CLI:
semgrep mcp
Using MCP will be the de facto standard for integrating AI agents with developer environments.
Trend 1: Teams use More than One LLM in Practice
It is becoming increasingly common during software development to not settle on a single LLM but to swap between them depending on the task. The cost of tokens can sometimes be a consideration in this model selection. The AI Assistant within Semgrep's dashboard allows users to select an AI provider, giving flexibility to choose an alternative whether for data privacy, business contract, arbitrary preferences, or to achieve better results.
One project took this to a logical conclusion and built a tool to compare LLM results head-to-head.
Picking from multiple LLMs such as Claude, GPT-4, and Llama (via AWS Bedrock), the Darwin project team pitted model against model, using the deterministic reasoning from Semgrep to build a survival fitness function that ranks the quality, speed, and correctness of the code generated for a given prompt. Weak code is eliminated and a model winner can be selected for the resulting source code.
This lets the right model emerge for a given task through measurable pressure from a reliable SAST security scan rather than guesswork. Certain models repeatedly generated safer code; others optimized for speed at the cost of risky patterns; some excelled only in niche tasks. This matches some of our own research comparing Sonnet 4 and Codex on IDOR detection.
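To make the idea of a scan-driven fitness function concrete, here is an added sketch; it is not the Darwin team's code. The weights, the elimination rules, the candidate field names and the model names are assumptions, and the scan reports are constructed samples shaped like `semgrep scan --json` output.

```python
import json

# Weights and input field names are assumptions for this sketch.
SEVERITY_WEIGHT = {"ERROR": 10.0, "WARNING": 3.0, "INFO": 1.0}
LATENCY_WEIGHT = 0.25  # penalty points per second of generation time

def evaluate(candidate):
    """Return (survives, score, reason) for one model's generated code."""
    report = json.loads(candidate["semgrep_json"])
    if report.get("errors"):
        return False, 0.0, "scan incomplete"  # a failed scan is not a clean scan
    if not candidate["tests_passed"]:
        return False, 0.0, "failed functional tests"
    severities = [r["extra"]["severity"] for r in report.get("results", [])]
    if "ERROR" in severities:
        return False, 0.0, "ERROR-severity finding"
    penalty = sum(SEVERITY_WEIGHT.get(s, 1.0) for s in severities)
    score = 100.0 - penalty - LATENCY_WEIGHT * candidate["latency_s"]
    return True, score, "ok"

def rank(candidates):
    """Eliminate weak candidates, then order the survivors best-first."""
    survivors, eliminated = [], {}
    for c in candidates:
        ok, score, reason = evaluate(c)
        if ok:
            survivors.append((c["model"], score))
        else:
            eliminated[c["model"]] = reason
    survivors.sort(key=lambda pair: pair[1], reverse=True)
    return survivors, eliminated

def make_report(*severities, errors=()):
    # Constructed sample shaped like `semgrep scan --json` output.
    results = [{"check_id": "constructed.rule", "path": "app.py",
                "extra": {"severity": s}} for s in severities]
    return json.dumps({"results": results, "errors": list(errors)})

# Constructed candidates; model names are placeholders, not measured results.
CANDIDATES = [
    {"model": "model-a", "semgrep_json": make_report("WARNING"), "tests_passed": True, "latency_s": 4.0},
    {"model": "model-b", "semgrep_json": make_report(), "tests_passed": True, "latency_s": 12.0},
    {"model": "model-c", "semgrep_json": make_report("ERROR"), "tests_passed": True, "latency_s": 2.0},
    {"model": "model-d", "semgrep_json": make_report(errors=[{"message": "timeout"}]), "tests_passed": True, "latency_s": 3.0},
]

if __name__ == "__main__":
    print(rank(CANDIDATES))
```

The fastest candidate is eliminated for its ERROR-severity finding, and the candidate whose scan did not complete is eliminated rather than scored as clean.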
Trend 2: LLMs Can Encourage Best Practices
Another trend was the use of LLMs for more than just code generation and toward personalized, in-workflow coding best practices and security education. Teams are leveraging LLMs to not just write code, but to train developers on how to write more efficient and secure code by integrating best practice guidance directly into the development cycle.
One example of this was a project called CommitDNA, which coupled the explainability of an LLM with the deterministic security analysis of Semgrep in a tool that could provide almost immediate, context-aware feedback on security issues and coding style. Essentially, a personalized AppSec tutor for your commits.
Integrating LLM-powered coaching directly into the development environment is critical for enabling teams, boosting dev efficiency and improving code quality at scale, as it shifts the conversation from retrospective review to proactive, in-the-moment skill development. This approach leverages the LLM's explanatory power to create an active, just-in-time learning loop, dramatically reducing the cognitive load and friction associated with adopting and maintaining best practices.
LLM-powered coaching will become a core part of developer upskilling, shifting security education from after-the-fact reviews to real-time habit formation.
Trend 3: Vibe Coding Securely in the Developer’s Browser
As browser-based AI coding environments grow in popularity, they introduce new blind spots in the development workflow. Unlike traditional IDEs, many browser tools lack deep security integrations or MCP support which can leave generated code unscanned until it reaches production.
These tools, while convenient, often lack deep, integrated security practices.
The Udon Cat project, which created a browser extension, attempted to address this gap, enabling developers to “vibe code securely” from the browser. The project focused on bringing the deterministic code security analysis of a tool like Semgrep to the web, allowing engineers using in-browser LLM assistants to get immediate, context-aware feedback and security scans on their generated code before it leaves the browser window. A crucial security layer for a growing and underserved segment of the developer workflow.
This project used Bolt for development, but other services like Replit have added a built-in security scanner that uses Semgrep.
Trend 4: Malicious IDE Extensions and MCP Servers Target Devs
We’ve seen a number of supply chain attacks this year that target developer hosts themselves including s1ngularity, shai-hulud, phishing schemes, and malicious MCP servers. One project called AgentSafe wanted to tackle this problem of trust so that developers who have access to credentials and other tokens for sensitive business information don’t themselves get compromised.
Developers are rapidly adopting MCP servers as plug-and-play extensions for agents, but there’s no reliable registry, no standardized vetting process, and very few guardrails around the code you’re implicitly inviting into your system. AgentSafe approached that problem with a security mindset from first principles.
Instead of treating external MCP servers as inherently safe to connect to, the project reframed each connection as a risk decision. Before an agent touches an unknown server, AgentSafe consults Vanta to assess the hosting company's security posture and runs Semgrep scans against the MCP server’s public codebase to detect vulnerabilities like secret leakage, unsafe filesystem access, or injection vectors. The result is evaluated before a single remote tool call is executed.
What makes the project compelling is how seamlessly it blends discovery, security analysis, and operational capability into a single workflow. Projects like this push the ecosystem forward by showing how static analysis and compliance checks can serve as a “pre-flight inspection” for the next generation of agent-to-agent and agent-to-service interactions.
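The pre-flight pattern described above can be sketched as a gate that sits between the agent and the remote server. This is an added example, not AgentSafe's code: the posture record is a hypothetical stand-in for whatever the compliance lookup returns (it is not Vanta's API), the blocking rule-id substrings are assumptions, and the scan reports are constructed samples shaped like `semgrep scan --json` output.

```python
import json

# Rule-id substrings treated as blocking; they mirror the categories named above
# (secrets, filesystem access, injection) but the exact strings are assumptions.
BLOCKING_MARKERS = ("secret", "path-traversal", "injection")

def preflight(semgrep_json, posture):
    """Return the reasons to refuse a server; an empty list means allow."""
    reasons = []
    if not posture or not posture.get("attested_frameworks"):
        reasons.append("no security attestation on record for host")
    report = json.loads(semgrep_json)
    if report.get("errors"):
        reasons.append("scan incomplete")  # unscanned code is not clean code
    for r in report.get("results", []):
        rule = r["check_id"]
        if r["extra"]["severity"] == "ERROR" or any(m in rule for m in BLOCKING_MARKERS):
            reasons.append(f"{rule} at {r['path']}:{r['start']['line']}")
    return reasons

class GatedMcpClient:
    """Wraps a tool-call function; nothing is sent unless preflight passed."""
    def __init__(self, call_tool, semgrep_json, posture):
        self._call_tool = call_tool
        self.reasons = preflight(semgrep_json, posture)

    def call(self, tool, **args):
        if self.reasons:
            raise PermissionError("MCP server rejected: " + "; ".join(self.reasons))
        return self._call_tool(tool, **args)

# Constructed inputs: scan output shaped like `semgrep scan --json`, and a
# hypothetical posture record standing in for the compliance lookup.
RISKY_SCAN = json.dumps({"errors": [], "results": [{
    "check_id": "constructed.rules.hardcoded-secret", "path": "server/config.py",
    "start": {"line": 12}, "extra": {"severity": "WARNING"}}]})
CLEAN_SCAN = json.dumps({"errors": [], "results": []})
POSTURE = {"attested_frameworks": ["SOC 2"]}

def demo():
    sent = []  # every call that actually reached the (fake) remote server
    def fake_remote(tool, **args):
        sent.append(tool)
        return {"tool": tool, "ok": True}
    try:
        GatedMcpClient(fake_remote, RISKY_SCAN, POSTURE).call("read_file", path="a.txt")
        denied = ""
    except PermissionError as exc:
        denied = str(exc)
    result = GatedMcpClient(fake_remote, CLEAN_SCAN, POSTURE).call("read_file", path="a.txt")
    return denied, result, sent
```

The gate fails closed: a missing posture record or an incomplete scan is a reason to refuse, and the rejected server never receives a tool call.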
Conclusion
The AWS AI Agents Hackathon didn’t rewrite the rules of software security in a day, but it offered a glimpse at where development energy is heading. Teams under time pressure gravitated toward practical patterns: using multiple LLMs instead of betting on one, embedding security agent checks directly into dev workflows, and treating MCP connections with far more scrutiny than the ecosystem currently encourages.
These weren’t abstract ideas, just working prototypes built in a weekend, reflecting the instincts of teams who have to ship something fast.
The next wave of AI-driven development will lean heavily on agentic workflows, rely on layered security checks, and demand more visibility into dependencies. Semgrep’s role is to make those security steps execute fast, provide predictable results, and be easy to integrate regardless of tools and workflows. If these projects are any indication, the next year will continue the push toward automation, experimentation, and tools to address cybersecurity risks.
Semgrep enables teams to use industry-leading AI-assisted static application security testing (SAST), supply chain dependency scanning (SCA), and secrets detection. The Semgrep AppSec Platform is built for teams that struggle with noise by helping development teams apply secure coding practices.