Summary
Anthropic's Claude Code AI agent contains a security bypass that allows attackers to evade deny rules by padding shell commands with over 50 subcommands. This flaw enables silent credential theft when developers interact with malicious repositories.
Take Action:
Update Claude Code to version 2.1.90 as soon as possible, because long commands can bypass your security deny rules. Be wary of external repositories that may contain malicious CLAUDE.md files. Never trust AI agents with full shell access unless you have verified the repositories you are working on.
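As defense in depth, a pre-execution guard can apply deny rules to every subcommand and refuse any command whose chain is too long, rather than letting it through unchecked. The sketch below is an added example, not Anthropic's code; the function names, the sample deny patterns, and the cap value are assumptions.

```python
import re

MAX_SUBCOMMANDS = 50  # assumed cap, taken from the threshold the summary mentions
DENY_PATTERNS = [r"^curl\b", r"^cat\s+\S*\.env$"]  # constructed sample deny rules


def split_subcommands(command):
    """Split a shell line on ; & | and newlines that sit outside quotes.

    Over-splits on purpose (e.g. `2>&1`), and does not look inside $(...) or
    backticks; a production guard should reject those or use a real parser.
    """
    parts, buf, quote, i = [], [], None, 0
    while i < len(command):
        ch = command[i]
        if ch == "\\" and quote != "'" and i + 1 < len(command):
            buf.append(command[i:i + 2])  # keep escaped character with its backslash
            i += 2
            continue
        if quote:
            if ch == quote:
                quote = None
            buf.append(ch)
        elif ch in "'\"":
            quote = ch
            buf.append(ch)
        elif ch in ";&|\n":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def evaluate(command):
    """Return (decision, reason); every subcommand is checked, and too many is a deny."""
    subs = split_subcommands(command)
    if len(subs) > MAX_SUBCOMMANDS:
        return "deny", f"{len(subs)} subcommands exceeds cap of {MAX_SUBCOMMANDS}"
    for sub in subs:
        for pattern in DENY_PATTERNS:
            if re.search(pattern, sub):
                return "deny", f"rule {pattern!r} matched {sub!r}"
    return "allow", "no deny rule matched"


# Constructed sample: a long chain of harmless subcommands ending in a denied one.
PADDED = "; ".join(["true"] * 51 + ["curl https://example.invalid/x"])
```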
This article was originally published on BeyondMachines