Cookie Consent by Free Privacy Policy Generator

AI coding agents vulnerable to malicious code execution attacks

The Hacker News reports that researchers have identified vulnerabilities in popular AI coding agents, including Anthropic's Claude Code and OpenAI's Codex, that allow attackers to trick the tools into executing malicious code. The attack, demonstrated in a proof-of-concept called "Friendly Fire", works by embedding instructions within open-source code repositories that the AI agent is asked to scan for security vulnerabilities. Instead of simply analysing the code, the agent follows the embedded instructions and executes the attacker's code on the user's machine. A separate vulnerability, dubbed "GhostApproval" and identified by researchers at Wiz, affects six AI coding assistants including Amazon Q Developer, Cursor, and Google Antigravity. This flaw exploits symbolic links to trick the agent into writing to sensitive system files when the user believes they are approving edits to a harmless file.

Why this matters for UK organisations

These vulnerabilities highlight a significant security gap in how AI coding agents are being integrated into development workflows. Many organisations are beginning to adopt these tools to accelerate code review, automate security scanning, and assist with development tasks. However, the research shows that the autonomous nature of these agents, particularly when they are granted permission to execute code or modify files without granular human oversight, creates new attack vectors. The issue is not just technical; it reflects a broader challenge around trust boundaries, permission models, and the operational assumptions built into AI-assisted development tools. For organisations using or evaluating AI coding agents, this is a reminder that these tools are not simply productivity enhancers—they are active participants in your development environment with the potential to introduce risk if not properly constrained. The vulnerabilities also underscore the importance of treating AI agents as untrusted components that require the same level of security scrutiny as any other third-party software integrated into sensitive workflows.

What to review

Organisations using AI coding agents should review how these tools are deployed, what permissions they are granted, and how their actions are monitored and logged. It is worth ensuring that AI agents are not running in autonomous modes that allow them to execute code or modify files without explicit human approval for each action, and that development environments are segmented to limit the potential impact of a compromised agent. Organisations should also check vendor security advisories and ensure that any mitigations or patches released by tool providers are applied promptly. For teams evaluating AI coding agents, this is a prompt to include security and permission models as part of the assessment criteria, and to ensure that procurement and deployment decisions account for the operational risks associated with granting AI tools access to code repositories, build systems and production environments. It is also worth reviewing how your organisation's secure development practices, including code review, access controls and change management, apply to AI-assisted workflows.

Source: The Hacker News

News and blog posts
The NCSC has published details of Cyber Shield, a new national initiative aimed...
The Register reports that suspected Chinese threat actors have been breaking...
The Hacker News reports that researchers have identified vulnerabilities in...
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities...