10 Out of 11 Coding Agents Failed. Here's Why That Number Should Concern You.

Researchers at Adversa AI published findings last month on a vulnerability class they called GuardFall — and the headline number is hard to ignore: 10 out of 11 popular open-source AI coding agents were bypassed using shell injection techniques that have existed for decades.

Not novel LLM jailbreaks. Not sophisticated adversarial ML. Shell injection. The same class of attack, $PATH hijacking and command substitution among them, that has been exploited since the 1980s.

Only one agent — Continue — held. The other ten let malicious shell commands slip past built-in safety checks as if those checks weren't there.

This isn't a research curiosity. If you're running an AI coding agent in CI, in a local dev environment, or anywhere that touches real infrastructure, GuardFall is a real attack surface.