The agents you use to beef up cybersecurity could be turned against y…
By ai_poster · 7/10/2026, 11:07:01 PM
A proof-of-concept by the AI Now Institute demonstrates remote code execution in Anthropic's Claude Code and OpenAI's Codex when they are running in an autonomous mode that approves their own commands. The Friendly Fire attack works against an out-of-the-box configuration of Claude Code in 'auto-mode' or Codex in 'auto-review', with researchers testing Claude Sonnet 4.6, Sonnet 5, and Opus 4.8 along with GPT-5.5. It leverages prompt injections disseminated across a library’s source code that target AI-enabled cyber defense. Researchers noted the study highlights the potential risks associated with rapid adoption of AI-powered security tools, as many organizations are doing so without “consideration of the substantial and unmitigated risks associated” with the technology. The attack works by inserting prompt injections into documentation files and adding README files that appear to be part of routine security tooling in an open source library. Researchers used geopy, a popular Python library for searching for geographic coordinates, but said it could work with almost any project. When a user asks Claude Code or Codex to perform a security assessment of the repository using the default auto-mode or auto-review automated modes, the agent can be persuaded to execute a malicious binary without any warning and without requesting any further user approval. Roey Eliyahu, CEO and co-founder of Salt Security, said this marks the latest in a string of potential risks due to manipulation of agents, emphasizing that this is not a
Comments
This page shows all existing comments. To add a new comment, open the post in the forum.