GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Read full story on The Hacker News
Share
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
AI disclosure

Summary

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.

Original reporting

Open original source

Related coverage

Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.