Lies-in-the-Loop manipulation of HITL approval dialogs in agentic AI
Technical Analysis
Summary
Hide ▲
Show ▼
Checkmarx researchers detailed Lies-in-the-Loop (LITL), a technique that can manipulate Human-in-the-Loop (HITL) approval dialogs so dangerous actions look harmless and get approved. The finding matters because a compromised prompt can turn a supposed safeguard into a path to arbitrary code execution in privileged AI agents. Demonstrations involved Claude Code and Microsoft Copilot Chat in VS Code, showing how dialog content, metadata, and rendering can be abused. The researchers recommended defense-in-depth controls such as sanitization, clearer approval UI, safe OS APIs, and dialog length limits.
Related Happenings
Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints
Defensive Guidance
First: 08.07.2026 20:02
Last: 08.07.2026 20:02
Sources 1
About this happening:
AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...
Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints
Defensive GuidanceAbout this happening: AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical Analysis
H score3
First: 08.07.2026 18:07
Last: 08.07.2026 18:07
Sources 1
About this happening:
Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical AnalysisAbout this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical Analysis
H score22
First: 08.07.2026 14:21
Last: 08.07.2026 14:21
Sources 1
About this happening:
Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical AnalysisAbout this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
NCSC guidance urges least-privilege controls for agentic AI deployment
Defensive Guidance
H score10
First: 18.05.2026 13:30
Last: 18.05.2026 13:30
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** released guidance for organizations deploying **agentic AI**, warning that over-privileged or poorly monitored agents can turn a s...
NCSC guidance urges least-privilege controls for agentic AI deployment
Defensive GuidanceAbout this happening: The **UK National Cyber Security Centre (NCSC)** released guidance for organizations deploying **agentic AI**, warning that over-privileged or poorly monitored agents can turn a s...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
H score26
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Timeline
-
17.12.2025 18:00 2 articles · 6mo ago
Lies-in-the-Loop manipulation of HITL approval dialogs in agentic AI
Initial DisclosureSecurity researchers first showed that **HITL approval prompts** can be forged or altered so a user sees a harmless-looking action while approving **arbitrary code execution**. The initial demonstrations centered on **Claude Code** and **Microsoft Copilot Chat in VS Code**.
Show sources
- New “Lies-in-the-Loop” Attack Undermines AI Safety Dialogs — www.infosecurity-magazine.com — 17.12.2025 18:00
- New “Lies-in-the-Loop” Attack Undermines AI Safety Dialogs — www.infosecurity-magazine.com — 17.12.2025 18:00