BotBeat
...
← Back

> ▌

AnthropicAnthropic
RESEARCHAnthropic2026-07-08

Security Researchers Expose Remote Code Execution Vulnerabilities in Anthropic's Claude Code and OpenAI's Codex

Key Takeaways

  • ▸Researchers disclosed a prompt injection vulnerability affecting Anthropic's Claude Code and OpenAI's Codex that enables remote code execution through embedded malicious prompts in source code
  • ▸The attack exploits the 'auto-mode' defensive configuration of these AI agents without requiring special plugins, MCP servers, or modified configurations
  • ▸The research challenges the assumption that AI-enabled defense can effectively counter AI-enabled offense, revealing a paradox where defensive deployment introduces novel vulnerabilities
Source:
Hacker Newshttps://ainowinstitute.org/publications/friendly-fire-exploit-brief↗

Summary

Security researchers have published a proof-of-concept exploit demonstrating remote code execution vulnerabilities in Anthropic's Claude Code CLI and OpenAI's Codex CLI when these tools are used in their default defensive configurations. The attack leverages prompt injections embedded within source code to hijack AI agents that evaluate code for security vulnerabilities. The vulnerability affects Claude Sonnet 4.6, Claude Sonnet 5, and Claude Opus 4.8 on Anthropic's platform, as well as OpenAI's implementation with GPT-5.5, and requires only out-of-the-box configurations to succeed.

The attack works by hiding malicious prompts within library source code comments and strings, which the defensive AI agents then execute when analyzing the code in "auto-mode" or "auto-review" features. Unlike traditional exploitation methods, this vector doesn't require hooks, skills, MCP servers, or special plugins—it exploits the fundamental mechanism by which these AI agents interpret and respond to code. Researchers demonstrated their proof-of-concept through a video showing how Claude Code could be compromised.

Beyond the immediate technical vulnerability, the research challenges the broader policy narrative promoting AI-enabled cyber defense as an antidote to AI-enabled offense. The researchers argue that White House initiatives like "Promoting Advanced Artificial Intelligence Innovation and Security" and Anthropic's Project Glasswing are advancing defensive AI deployment without adequately addressing the novel security risks these systems introduce. The work suggests that frontier AI models have unique technical shortcomings that make them potentially more vulnerable to exploitation when deployed defensively than beneficial for detection.

  • The findings directly critique government and industry initiatives advocating for rapid AI-enabled cyber defense in safety-critical infrastructure without sufficient risk assessment

Editorial Opinion

This research fundamentally challenges the narrative that AI can safely defend against sophisticated threats, revealing instead that deploying frontier AI models in defensive roles may introduce vulnerabilities exceeding the benefits they provide. The timing is particularly significant: as governments and enterprises accelerate AI-enabled security initiatives, this proof-of-concept demonstrates the critical need to prioritize AI safety and robustness before deployment in security-critical infrastructure. The research suggests that current policy frameworks are outpacing technical readiness, and that uncritical enthusiasm for AI-enabled defense could undermine rather than strengthen cybersecurity postures.

AI AgentsCybersecurityRegulation & PolicyAI Safety & Alignment

More from Anthropic

AnthropicAnthropic
PRODUCT LAUNCH

VelaTerm: New Terminal & Agent Manager for Claude Code

2026-07-09
AnthropicAnthropic
UPDATE

Anthropic's Claude Gains Autonomous Database Management with EventSourcingDB Plugin 1.1.0

2026-07-08
AnthropicAnthropic
POLICY & REGULATION

China's Regulatory Body Warns Developers to Uninstall Claude Code Over Alleged Backdoor Monitoring

2026-07-08

Comments

Suggested

Academic ResearchAcademic Research
RESEARCH

StoryScope: New Method Reveals Distinct Narrative Fingerprints of AI-Generated Fiction

2026-07-09
Abnormal SecurityAbnormal Security
POLICY & REGULATION

Abnormal Security Responds Publicly to Anthropic Trademark Lawsuit

2026-07-09
ArXivArXiv
RESEARCH

Auto: Compiler System Transforms LLM Agent Behavior Into Optimized WebAssembly, Reducing Inference Costs 6.4x

2026-07-09
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us