AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique

AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique
Wiz disclosed GhostApproval, an attack that tricks AI coding assistants into following deceptive symlinks and modifying files outside the intended workspace. The issue was tested against Claude Code, Amazon Q Developer, Cursor, Google Antigravity, Augment, and Windsurf, with some vendors already patching the flaw. #GhostApproval #ClaudeCode #AmazonQDeveloper #Cursor #GoogleAntigravity #Augment #Windsurf

Keypoints

  • GhostApproval abuses symbolic link behavior to mislead AI coding assistants.
  • The attack can cause agents to write to sensitive files outside the project directory.
  • Some tools fail to show the true canonical path in approval prompts.
  • The flaw may enable remote code execution on a developer’s machine.
  • AWS, Google, and Cursor have patched the issue, while other vendors are still reviewing it.

Read More: https://www.securityweek.com/ai-coding-tools-tricked-into-hacking-developer-machine-via-decades-old-technique/