GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Wiz researchers found symlink attacks in six AI coding assistants (Claude Code, Cursor, Amazon Q, others) allowing booby-trapped projects to write to sensitive files bypassing approval.
Read original coverage