AI coding agents are reshaping software development—but they’re also expanding the attack surface. Researchers uncovered a now-patched vulnerability in Anthropic’s Claude Code GitHub Action that could have enabled prompt injection attacks to expose CI/CD secrets, API keys, and credentials. As AI agents gain autonomy in development workflows, organizations must treat untrusted inputs as hostile and rethink CI/CD security models. Natural language is becoming executable code—and attackers know it.
Attackers Can Exploit a Claude Code RCE Flaw to Take Command of Systems
A dangerous vulnerability found in Anthropic’s popular Claude Code developer tool could have allowed bad actors to take control of a victim’s system by luring them into clicking a crafted malicious deeplink. Once triggered, the attacker could exploit the remote code execution (RCE) security flaw to run arbitrary commands – such as shell commands […]
xAI Enters the Coding Agent Race With Grok Build
Elon Musk’s xAI has entered the developer workspace with Grok Build, a local-first coding agent featuring an automated “Arena Mode” that runs and ranks parallel AI outputs, positioning it to rival Anthropic and OpenAI.
LayerX: Anthropic’s Claude Code Can Easily Be Weaponized
LayerX researchers were able to convince the popular AI coding tool to bypass its guardrails and execute malicious instructions.
Security Flaws in Anthropic’s Claude Code Risk Stolen Data, System Takeover
Three critical vulnerabilities found in Anthropic’s Claude Code agentic AI developer tool could be exploited simply by cloning and opening an untrusted project and lead to system takeover, stolen API keys, and credential theft, according to security researchers with Check Point. The security flaws, which Anthropic fixed last year and last month after the researchers […]