Security · 2h ago
AI Security Agents Tricked Into Running Malicious Code
Researchers at the AI Now Institute developed a proof-of-concept attack called 'Friendly Fire' that tricks AI coding agents into executing malicious code. The attack targets Anthropic's Claude Code and OpenAI's Codex when running in autonomous mode. It exploits the agents' ability to approve their own actions, turning security tools into attack vectors.
Meridian48 take
The attack highlights a fundamental flaw in trusting AI agents to autonomously vet code, suggesting that human oversight remains essential for security-critical tasks.
Read the full reporting
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It →
The Hacker News
ai-securitycode-agents