🤖 AI Summary
This study addresses the critical gap in security and privacy awareness among independent AI agent developers, who commonly rely on ad hoc, manual safeguards and are thus vulnerable to emerging threats. Through semi-structured interviews with 28 Chinese developers followed by qualitative analysis, this work systematically investigates their security practices for the first time, revealing a predominant user-centric perspective that overlooks underlying system vulnerabilities. The findings identify three root causes: insufficient security training, inadequate tooling, and lack of platform-level support. These insights provide empirical grounding and concrete directions for designing lightweight, tailored security tools specifically suited to the constraints and workflows of independent developers.
📝 Abstract
The proliferation of AI agents empowers independent developers, defined as individuals or small groups who self-initiate projects rather than fulfill client-based contracts, to create sophisticated autonomous systems, but also introduces novel security and privacy (S&P) challenges beyond traditional corporate structures. We conducted an interview study (N=28) with Chinese developers, whose extensive use of global LLM services offers valuable insights into this population. We investigate their understanding of, practices around, and challenges with S&P in the AI agent products they develop. We find that independent developers frequently think and act from their users' perspective: they focus on user-facing safety risks such as harmful content while exhibiting low awareness of security vulnerabilities. Consequently, developers rely almost exclusively on ad hoc, manually crafted safeguards and informal communication, with no formal tools or processes for S&P practices. We find that these actions are driven by various inhibitors, primarily a lack of formal S&P training, accessible security tools, and actionable guidance from platforms. Our work contributes the first exploration of independent AI agent developers' S&P understanding, outlining opportunities for tailored security tooling.