Only 17% of companies have technical controls capable of preventing employees from uploading confidential data to public AI tools β a gap documented in a 2026 compliance analysis by ComplyJet. When those employees are AI coding agents operating autonomously in your CI/CD pipeline, that gap shows up not just in security incidents but directly in your next ISO 27001 surveillance audit.
What AI Coding Agents Expose in ISO 27001:2022
ISO 27001:2022 is a risk-driven framework: identify where data flows, classify risks, apply controls. An AI coding agent running in your development pipeline creates data flows that most existing Annex A control implementations weren't written to cover. Context windows ingest source code, credentials, and environment variables. MCP tool calls reach external systems without formal supplier agreements. Pull requests are opened by an autonomous process with no named human author.
ISO/IEC 42001 addresses AI-specific governance, and ISO/IEC 42006:2025 extends that framework to AI audit and certification bodies. But as Dionach's compliance practitioners have noted, the right model is extension, not replacement β your existing 27001 controls need explicit AI-scope language before an auditor asks for evidence. The same discipline applies whether you are also mapping to the NIST AI Risk Management Framework for coding agents or working through SOC 2 audit requirements for AI-generated code.
Five Controls That Need an AI-Specific Extension
None of these controls require a rewrite. Each needs updated scope language and, where noted, new evidence artifacts.
A.5.23 β Information Security for Use of Cloud Services
Added in the 2022 revision, this control requires that cloud service requirements be documented in agreements and monitored. AI coding agents β particularly those calling cloud-hosted inference endpoints or external MCP servers β are cloud services with a broader attack surface than typical SaaS applications. Update your A.5.23 policy to enumerate approved AI tools, specify which data categories may enter those tools' context windows, and require logging of all outbound API calls made by agents during code generation.
A.5.19βA.5.22 β Supplier Relationship Controls
ISO 27001 requires formal agreements and periodic monitoring for all supplier relationships. An AI coding agent that calls external MCP servers or autonomously pulls third-party packages is exercising supplier relationships on your behalf β typically without a signed agreement. Your supplier register needs to include AI model providers and every MCP server reachable from your agent environment. Auditors will ask for evidence that these relationships are documented and reviewed on a defined schedule.
A.8.25 β Secure Development Lifecycle
The SDL control requires that security requirements be defined and applied throughout the development process. AI-generated code is not exempt. A policy written before your team adopted agent-assisted coding will have an evidence gap: the policy either doesn't mention AI-generated output, or there's no record that scanning and review gates were applied to it. Update the policy explicitly, and establish the audit trail your compliance team needs for AI-generated code to close the evidence gap.
A.8.28 β Secure Coding
Secure coding controls require documented practices and verification that those practices are followed. AI agents don't self-check against your secure coding standard unless you configure them to. The audit question is direct: does your secure coding policy cover AI-generated output? If the document predates your agent adoption, it almost certainly does not, and the finding is straightforward for any experienced auditor to surface.
A.8.30 β Outsourced Development
This control requires that information security requirements be applied to outsourced software development. An AI coding agent that writes, commits, and opens pull requests is functionally acting as an outsourced developer. BrightDefense and others mapping ISO 42001 to existing ISMS programs point to exactly this control as the one most organizations have not updated. Your A.8.30 controls β code review requirements, attribution standards, merge policies β must explicitly cover AI-generated pull requests or the finding is automatic.
What re-entry.ai Does About This
Pull request risk scoring at re-entry.ai automatically tags AI-generated PRs, scores each for risk attributes including code origin, change scope, and secrets exposure, and enforces review gates before merge. That activity log is exactly the control evidence your ISO 27001 auditor will request for A.8.25, A.8.28, and A.8.30 β generated automatically rather than assembled manually before an audit window.
What to Do Now
Extend your supplier register to include AI model providers and every external MCP server accessible from your agent environment.
Update your A.5.23 cloud services policy to enumerate approved AI tools and specify which data categories may enter those tools' context windows.
Revise your A.8.25 SDL and A.8.28 secure coding policies to explicitly cover AI-generated code, with evidence artifacts to match.
Verify that every AI-authored pull request triggers the same SAST, dependency scanning, and mandatory review gates as human-authored code.
Update your Statement of Applicability to reflect AI-specific scope additions before your next surveillance or recertification audit.
ISO 27001 doesn't require you to stop using AI coding agents. It requires you to manage the risks they introduce with the same rigor you apply to any other supplier or development process. Five targeted control updates β documented and evidenced β is a realistic scope for a single sprint before your audit window opens. Visit re-entry.ai to establish the PR-level evidence trail your next ISO 27001 audit will expect.