Hacker News
'Friendly Fire': AI Now PoC Tricks Claude Code and Codex Into Running README-Planted Malware
AI Now Institute published a July 9 proof-of-concept showing security-scanning coding agents in autonomous/auto-review mode can be manipulated into executing a concealed binary (disguised as compiled Go inside the geopy library) after a README note suggests running a 'security script.' Affects Claude Code CLI (2.1.116–2.1.199) and OpenAI Codex CLI 0.142.4 across Sonnet 4.6, Sonnet 5, Opus 4.8, and GPT-5.5. No patch exists — researchers frame it as a fundamental design limitation of autonomous command approval.
↳ Follow the thread