GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Article summary
Quick briefing — cleaned from the original RSS feed
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.
1Key Takeaways
- Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer.
- The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead.
- The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.
2AIWedia Score
8.6/10
High relevance — worth your attention today
Based on source trust, recency, category impact, and story depth.
3Why it matters
Coding AI shifts how fast software ships and how much human review each change needs. The Hacker News reports that researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer.
Explore related
Browse toolsCoding AI news
Explore curated coding ai tools on AIWedia — compare, rank, and launch from our directory.
Full story on The Hacker News
Read full articleHeadlines aggregated via RSS for discovery on AIWedia. Original content © The Hacker News. We link to the source and do not republish full articles.