
GhostApproval Flaw Lets AI Coding Assistants Write Files Outside Workspace Sandbox
A newly disclosed vulnerability pattern dubbed GhostApproval affects six major AI coding assistants, allowing malicious repositories to trick agents into writing files outside their designated workspace sandbox, potentially leading to remote code execution on developer machines. Wiz researchers found the flaw impacts Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. The […]
The post GhostApproval Flaw Lets AI Coding Assistants Write Files Outside Workspace Sandbox appeared first on Cyber Security News.