Agents
TrustFall: Adversa AI Reveals One-Keypress RCE Across Claude Code, Gemini CLI, Cursor CLI, and GitHub Copilot CLI
Adversa AI's TrustFall research reveals a systemic vulnerability class across four major AI coding CLIs: all four execute project-defined MCP servers immediately after the user accepts the folder trust prompt, which defaults to 'Yes/Trust' — meaning one Enter keypress in a cloned repo is sufficient for RCE. The finding reframed what was initially seen as a Claude Code regression into an industry-wide convention problem shared across all agentic CLIs that read project configuration files.
↳ Follow the thread