< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-09T10:45:02+05:30

AI Agents Designed for Malicious Code Detection Vulnerable to 'Friendly Fire' Attacks

#AI Security#Code Vulnerability#Malware Execution#Open Source Security#Automated Code Review

AI agents designed for malicious code detection, such as Anthropic's Claude Code and OpenAI's Codex, can be exploited through 'Friendly Fire' attacks that trick them into executing hidden malicious payloads embedded in README files. The vulnerability stems from their autonomous operation mode, which lacks sufficient safeguards against deceptive code injection, necessitating workflow changes rather than software patches.

Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead.

That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex when either is running in an autonomous mode that approves its own

Read original article

*** END OF TRANSMISSION ***

> META'S MUSE IMAGE AI TOOL UTILIZES PUBLIC INSTAGRAM CONTENT FOR GENERATED MEDIA> FOUNDING ACCOUNT EXECUTIVE POSITION AT AI-DRIVEN DEBT COLLECTION STARTUP COLLECTWISE> RUST-BASED POSTGRES IMPLEMENTATION ACHIEVES FULL REGRESSION TEST COMPLIANCE> DONKEY KONG'S ROLE IN NINTENDO'S RISE AND ATARI'S DECLINE> AI AGENTS DESIGNED FOR MALICIOUS CODE DETECTION VULNERABLE TO 'FRIENDLY FIRE' ATTACKS> SPIDER VENOM DEMONSTRATES SELECTIVE TOXICITY AGAINST VARROA MITES WITHOUT ADVERSE EFFECTS ON HONEYBEES> GHOSTAPPROVAL SYMLINK VULNERABILITY ALLOWS MALICIOUS REPOS TO EXECUTE CODE IN AI CODING ASSISTANTS> MALICIOUS 7-ZIP INSTALLERS EXPLOIT DEVICES AS RESIDENTIAL PROXY NODES> TRUECALLER CHALLENGES TRAI OVER ANTI-SPAM REGULATIONS IN INDIA> REMOTE ATTESTATION IN CYBERSECURITY: ENSURING HOST INTEGRITY THROUGH TPM> META'S MUSE IMAGE AI TOOL UTILIZES PUBLIC INSTAGRAM CONTENT FOR GENERATED MEDIA> FOUNDING ACCOUNT EXECUTIVE POSITION AT AI-DRIVEN DEBT COLLECTION STARTUP COLLECTWISE> RUST-BASED POSTGRES IMPLEMENTATION ACHIEVES FULL REGRESSION TEST COMPLIANCE> DONKEY KONG'S ROLE IN NINTENDO'S RISE AND ATARI'S DECLINE> AI AGENTS DESIGNED FOR MALICIOUS CODE DETECTION VULNERABLE TO 'FRIENDLY FIRE' ATTACKS> SPIDER VENOM DEMONSTRATES SELECTIVE TOXICITY AGAINST VARROA MITES WITHOUT ADVERSE EFFECTS ON HONEYBEES> GHOSTAPPROVAL SYMLINK VULNERABILITY ALLOWS MALICIOUS REPOS TO EXECUTE CODE IN AI CODING ASSISTANTS> MALICIOUS 7-ZIP INSTALLERS EXPLOIT DEVICES AS RESIDENTIAL PROXY NODES> TRUECALLER CHALLENGES TRAI OVER ANTI-SPAM REGULATIONS IN INDIA> REMOTE ATTESTATION IN CYBERSECURITY: ENSURING HOST INTEGRITY THROUGH TPM