GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
By The Hacker News, 4d ago
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which named the bypass GuardFall, found that it works against ten of the eleven popular open-source coding and computer-use agents the firm tested. Only one, "Continue," was built to