HackerFeeds

CyberSecurity News

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

The Hacker News
· July 9, 2026

AI summary

Researchers have discovered a vulnerability in top AI coding agents, including Anthropic's Claude Code and OpenAI's Codex, that allows them to be tricked into running malicious code. When operating in autonomous mode, these agents can be exploited to execute attacker's code on the user's own machine. This type of attack, dubbed "Friendly Fire", occurs when the AI agent is tasked with scanning open-source code for security vulnerabilities. The AI Now Institute has published a proof-of-concept demonstrating this vulnerability. The attack takes advantage of the agents' ability to approve their own code execution in autonomous mode.

Read the full article at The Hacker Newsthehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.