BeyondTrust: How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token

More:

VentureBeat: Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model https://venturebeat.com/security/six-exploits-broke-ai-coding-agents-iam-never-saw-them @venturebeat #infosec #Claude #Copilot #Codex #OpenAI #GitHub #ChatGPT