GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents










Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer’s computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead.

The affected tools are Amazon Q Developer, Anthropic’s Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.










Go to TheHackersNews





Posted

in

by