🛡 RCE Vulnerability in Protective AI Agents

Researchers from the AI Now Institute have demonstrated the possibility of remote code execution (RCE) in agents such as Anthropic Claude Code and OpenAI Codex. The attack utilizes a "double deception" method: the first layer deceives filters through fake files, while the second layer executes malicious instructions hidden within documentation.

🌍 The problem shows that current defense mechanisms are unable to cope with complex attacks, which calls into question the security of the mass deployment of autonomous agents.

👤 Developers should exercise caution when using AI agents in "auto-execute" mode for code analysis, as the agent could become a hacking tool.

Source 1: https://ainowinstitute.org/publications/friendly-fire-exploit-brief Source 2: https://github.com/Boyan-MILANOV/friendly-fire-ai-agent-exploit