These AI agent attacks are getting ridiculous

campuscodi@mastodon.social

These AI agent attacks are getting ridiculous

Malicious code hidden in source code repositories can trick AI coding agents into overwriting their own configuration files

The approval prompt is lying: a critical coding agent security flaw

A critical coding agent security flaw, SynJack, lets a fake "video copy" rewrite config in Claude, Cursor, Copilot, Codex, Grok, and Gemini. How to stop RCE.

Adversa AI | Agentic AI Security (adversa.ai)

dalias@hachyderm.io

@campuscodi I don't call that malicious code I call that self-defense.

lanodan@queer.hacktivis.me

@dalias @campuscodi plus well… it's not code

cwbussard@ioc.exchange

@dalias @campuscodi

Yes... I think there'd be an audience for a plug-and-play version that you could just drop into any repo that would prevent AI slop pull requests by tricking the AI slop tools into nuking the local copy.

dalias@hachyderm.io

@cwbussard @campuscodi Or putting a blackhole for the slop provider's domain name in /etc/hosts so the whole thing stops working.

claralistensprechen3rd@friendica.myportal.social

@campuscodi Karma!

cjust@infosec.exchange

@campuscodi