Fetching from the wire…
Security2026-07-11 · source-backed
The AI Now Institute showed that self-approving agents get tricked into running attacker code exactly when asked to scan untrusted third-party code for vulnerabilities. Prompt injections seeded in ordinary repo files steer Claude Code and Codex into executing attacker commands during a routine security review. The irony writes itself. The act of auditing hostile code with an auto-approve agent is itself the compromise. Never run untrusted-code review in autonomous mode.
Each link below shares sources, entities, or timing with this story.
Codex competes with Claude Code / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Codex competes with Claude Code); both cover Claude Code, Codex, Never; overlapping topics (agent, claude, code, codex).
Claude Code uses Sonnet / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Claude Code uses Sonnet); both cover Claude Code, Codex; overlapping topics (agent, claude, code, codex, review).
Cline benchmarked against Claude Code / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Cline benchmarked against Claude Code); both cover Claude Code, Codex, Prompt; overlapping topics (agent, claude, code).