Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
AI Coding Agents Vulnerable to Running Malicious Code

AI Coding Agents Vulnerable to Running Malicious Code

Posted on July 9, 2026 By CWS

Recent research has unveiled a critical vulnerability in AI coding agents that are intended to identify security flaws in open-source code. These agents, rather than safeguarding systems, could inadvertently execute malicious scripts on the host machine. This vulnerability was demonstrated in a proof-of-concept by the AI Now Institute, which termed the attack ‘Friendly Fire’.

AI Coding Agents Under Scrutiny

The study specifically tested Anthropic’s Claude Code and OpenAI’s Codex, both operating in autonomous modes capable of approving their own commands. The attack effectively turns the agents’ primary function—examining untrusted code for security issues—against them. Researchers Boyan Milanov and Heidy Khlaaf conducted trials on various setups, showing how these AI tools could be manipulated to run harmful code.

The autonomous modes in Claude Code and Codex utilize classifiers to determine command safety, pausing only for commands deemed risky. However, when activated, these modes can potentially allow the execution of malicious code without user intervention.

Exploit Details and Implications

This vulnerability does not stem from specific software versions but rather from a fundamental design flaw. The researchers demonstrated the exploit using the Python library geopy, introducing a script named ‘security.sh’ that covertly executed a payload. By cleverly disguising the binary as a harmless file, they managed to bypass the agents’ safety checks.

Previous attempts to exploit AI agents have typically involved configuration files requiring user trust. This new method, however, leverages a README.md file, which is commonly found and trusted in repositories, thereby broadening the scope for potential misuse.

Recommendations and Precautions

AI Now’s report highlights that simply updating models will not mitigate this issue, as the models cannot yet consistently differentiate between code and executable instructions. They urge policymakers and vendors to reassess the deployment of AI agents in security roles, noting the rapid adoption outpacing necessary security measures.

Although the proof-of-concept remains a controlled experiment, the researchers stress the importance of not allowing untrusted code to interact with command-capable agents. They advise teams using these tools to be vigilant for any unauthorized execution of binaries or scripts prompted by documentation files.

While sandboxing offers some protection, it is not foolproof, and previous vulnerabilities have allowed code to escape these confines. The researchers advocate for stricter operational modes that require user verification for each step, albeit at the cost of automation.

In conclusion, this research underscores the need for enhanced security practices in deploying AI coding agents. As the technology continues to evolve, both developers and users must remain diligent in identifying and mitigating potential threats.

The Hacker News Tags:AI research, AI security, AI vulnerabilities, Anthropic Claude, autonomous agents, code scanning, coding agents, Cybersecurity, malicious code, OpenAI Codex, proof-of-concept, security risks, Software Security, software testing, tech news

Post navigation

Previous Post: Unpatched Tenda Firmware Backdoor Risks Device Security
Next Post: GhostApproval Flaw in Popular AI Coding Tools Raises Security Concerns

Related Posts

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over  Billion Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion The Hacker News
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code The Hacker News
Enterprise Security Gaps: Insights from 25 Million Alerts Enterprise Security Gaps: Insights from 25 Million Alerts The Hacker News
The Hidden Weaknesses in AI SOC Tools that No One Talks About The Hidden Weaknesses in AI SOC Tools that No One Talks About The Hacker News
Cisco Patches Actively Exploited SD-WAN Vulnerability Cisco Patches Actively Exploited SD-WAN Vulnerability The Hacker News
Beware the Hidden Costs of Pen Testing Beware the Hidden Costs of Pen Testing The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • GhostApproval Flaw in Popular AI Coding Tools Raises Security Concerns
  • AI Coding Agents Vulnerable to Running Malicious Code
  • Unpatched Tenda Firmware Backdoor Risks Device Security
  • AI Coding Tool Flaw Exposes Developers to Code Exploits
  • Accenture Confirms Breach Amid Hacker’s Data Theft Claims

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • GhostApproval Flaw in Popular AI Coding Tools Raises Security Concerns
  • AI Coding Agents Vulnerable to Running Malicious Code
  • Unpatched Tenda Firmware Backdoor Risks Device Security
  • AI Coding Tool Flaw Exposes Developers to Code Exploits
  • Accenture Confirms Breach Amid Hacker’s Data Theft Claims

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark