SPIN Unprocessed July 9, 2026 ai_technology cybersecurity
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
View original on thehackernews.comOverview
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex when either is running in an autonomous mode that approves its own
SpinGraph analysis pending — check back after processing.
Ask AI about this story
Opens with the SpinGraph .md URL and structured context — one click, prompt included.
More from The Hacker News
View all →- Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
- GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
- GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
- The Verification Step Is the New ATO Battleground in 2026
- GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
- SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users
Markdown (.md) · JSON-LD schema (.json) · Machine-readable for AI & GEO