
AI coding tool hole illustrates a big problem with human in the loop
A security hole within AI dev tools has allowed attackers to escape sandboxes by misleading the humans in the loop who were supposed to knowingly approve the tool’s actions, according to cybersecurity research firm Wiz.
“We discovered GhostApproval, a systematic vulnerability pattern affecting six of the top AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf [now known as Devin Desktop],” the Wiz report said. “In each case, a malicious repository can trick the agent into accessing arbitrary files outside the workspace sandbox, potentially achieving remote code execution on the developer’s machine.”
The first report of the hole c...