Find notable cyber news and cases, enriched with sources, timelines, and signals.

Prompt-injection proof-of-concept enables silent RCE in Claude Code and Codex

Technical Analysis
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

Researchers demonstrated a proof-of-concept exploit that can force remote code execution in Anthropic’s Claude Code and OpenAI’s Codex, exposing a trust-boundary flaw in AI coding agents. The attack uses multi-stage prompt injection inside an untrusted repository to make attacker text look like normal task context. In auto-mode/auto-review, the agents can be pushed to run a supposed security.sh workflow that actually launches hidden code. The result is silent execution on a victim machine during a defensive scan.

Related Happenings

Friendly Fire: autonomous AI code-review modes can execute attacker-controlled repository code

Technical Analysis
H score28 First: 09.07.2026 08:15 Last: 09.07.2026 08:15 Sources 1

About this happening: **Friendly Fire** shows that autonomous code-review modes in **Claude Code** and **OpenAI Codex** can be manipulated into **executing attacker-controlled code** on the host. The p...

Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints

Defensive Guidance
H score28 First: 08.07.2026 20:02 Last: 08.07.2026 20:02 Sources 1

About this happening: AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...

HalluSquatting indirect prompt-injection attack on AI coding assistants

Technical Analysis
H score3 First: 08.07.2026 18:07 Last: 08.07.2026 18:07 Sources 1

About this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....

SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware

Technical Analysis
H score22 First: 06.07.2026 09:33 Last: 06.07.2026 09:33 Sources 1

About this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...

GuardFall shell-trick bypass of command safety checks in AI coding agents

Technical Analysis
H score25 First: 30.06.2026 17:26 Last: 30.06.2026 17:26 Sources 1

About this happening: **GuardFall** exposed a shell-trick bypass that lets dangerous commands slip past safety checks in **open-source AI coding and computer-use agents**, putting **full account access...

Timeline

  1. 10.07.2026 16:45 2 articles · 2h ago

    AI Now Institute demonstrates prompt-injection remote code execution in Claude Code and Codex

    Initial Disclosure

    AI Now Institute researchers Heidy Khlaaf and Boyan Milanov published a July 8 proof-of-concept showing that multi-stage prompt injection hidden in a third-party open-source repository can steer Anthropic’s Claude Code and OpenAI’s Codex into running attacker-controlled commands on a victim machine. The exploit affects Claude Code with Claude Sonnet 4.6 and 5 and Opus 4.8, and Codex with GPT-5.5, by abusing auto-mode or auto-review to treat a malicious security.sh workflow as routine and launch a hidden code_policies binary, resulting in silent remote code execution.

    Show sources