AI coding agents can be tricked to execute malicious code locally
Source headline: Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Intelligence Summary
An AI Now Institute proof of concept describes a prompt-driven issue dubbed “Friendly Fire.” When an AI coding agent is tasked with finding security flaws, it can be manipulated into executing the attacker’s code on the same machine. The problem is demonstrated against Claude Code and OpenAI Codex when they run in autonomous modes that can self-approve actions. This matters because developers may assume the agent is only reviewing code, not running it. Teams using agentic coding workflows should restrict autonomy, sandbox execution, and validate agent permissions and outputs.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.