Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers


OpenAI recently patched a Codex CLI vulnerability that can be exploited in attacks aimed at software developers, Check Point revealed on Monday.

Codex CLI is an open source coding agent that developers can run locally from their terminal. The AI agent can read, change, and run code on the machine, enabling users to improve documentation, write unit tests, generate architecture diagrams, propose PRs, and look for vulnerabilities using natural language commands.

Check Point researchers discovered that the tool automatically loaded and executed commands defined within local project configurations. The commands in these configuration files are implicitly trusted, and they are executed without first obtaining the user’s approval.

An attacker who can commit or merge specially crafted configuration files into the targeted developer’s repository can plant files that trigger the execution of malicious commands.

“An initially innocuous config can be swapped for a malicious one post-approval or post-merge, creating ...


Copyright of this story solely belongs to securityweek.