Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct security risks. We study 117,062 dependency changes from agent- and human-authored pull requests across seven ecosystems. Agents select known-vulnerable versions more often than humans (2.46% vs. 1.64%), and their vulnerable selections are more disruptive to remediate, with 36.8% requiring major-version upgrades compared to 12.9% for humans, despite patched alternatives existing in most cases. At the aggregate level, agent-driven dependency work yields a net vulnerability increase of 98, whereas human-authored work yields a net reduction of 1,316. These findings motivate pull-request-time vulnerability screening and registry-aware guardrails to make agent-driven dependency updates safer.
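One way to sketch the pull-request-time screening the abstract calls for, reporting the quantities it measures (known-vulnerable selections, whether the nearest fix needs a major-version upgrade, and net vulnerability change). This is an added example, not the study's tooling or methodology. The package names, advisory ranges and pull-request diff are constructed, and versions are assumed to be plain MAJOR.MINOR.PATCH.

```python
# Constructed advisory ranges: package -> [(introduced, fixed)], covering introduced <= v < fixed.
ADVISORIES = {
    "libfoo": [("1.0.0", "1.4.2")],
    "barlib": [("0.0.0", "3.0.0")],
    "bazkit": [("2.0.0", "2.3.1")],
}

def parse(version):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(part) for part in version.split("."))

def vuln_count(pkg, version):
    """Number of advisories whose range covers this version (0 if version is None)."""
    if version is None:
        return 0
    v = parse(version)
    return sum(parse(lo) <= v < parse(hi) for lo, hi in ADVISORIES.get(pkg, []))

def nearest_fix(pkg, version):
    """Smallest fixed version above `version` that no advisory still covers."""
    fixes = sorted((hi for _, hi in ADVISORIES.get(pkg, [])), key=parse)
    for candidate in fixes:
        if parse(candidate) > parse(version) and vuln_count(pkg, candidate) == 0:
            return candidate
    return None

def screen(changes):
    """Return (findings, net_delta) for a list of (pkg, old_version, new_version)."""
    findings, net = [], 0
    for pkg, old, new in changes:
        net += vuln_count(pkg, new) - vuln_count(pkg, old)
        if vuln_count(pkg, new):
            fix = nearest_fix(pkg, new)
            findings.append({
                "package": pkg, "selected": new, "fix": fix,
                "major_upgrade": fix is not None and parse(fix)[0] > parse(new)[0],
            })
    return findings, net

# Constructed pull-request diff; an old version of None means a newly added dependency.
CHANGES = [
    ("libfoo", "1.2.0", "1.4.2"),   # upgrade that leaves the vulnerable range
    ("barlib", None, "2.5.0"),      # new dependency, only fixed in the next major
    ("bazkit", "1.9.0", "2.1.0"),   # upgrade into a vulnerable range, fix in same major
]

if __name__ == "__main__":
    print(screen(CHANGES))
```

A check like this would fail the pull request when `findings` is non-empty and surface `fix` so the author, human or agent, can pick the patched version directly.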