AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command approval is enabled.

Learn how malicious AI agent skills easily bypass static scanners. Discover how runtime checking secures tools like Claude Code and OpenClaw.

'GhostApproval' problem highlights human-in-the-loop fails

Wiz's 'GhostApproval' uses an old symlink trick to make six AI coding agents, from Amazon Q to Cursor, write outside the sandbox and hand over the box.

Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and persistence.

Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign paths.

AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command approval is enabled.

Several AI coding assistants were tricked into facilitating developer machine hacking via an attack technique that has been known for decades.