Agents
Six Research Teams Exploit Codex, Claude Code, Copilot, and Vertex AI — Every Attack Hit Runtime Credentials
VentureBeat reports that six independent research teams disclosed exploits against four major AI coding agents over nine months, and every attack followed the same pattern: the agent held a credential, executed an action, and authenticated to production without a human session anchor. BeyondTrust demonstrated that a crafted GitHub branch name could steal Codex's OAuth token in cleartext. Anthropic's Claude Code source spilled onto npm, and Adversa found Claude Code silently ignored deny rules past 50 subcommands. Gravitee's 2026 survey found only 21.9% of teams have onboarded agent OAuth credentials to PAM platforms.
Source
↳ Follow the thread