The Hacker News AI Security · July 9, 2026

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Why it matters

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic

My takeaway: GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents is an agent-security signal. The practical read is that autonomy, memory, tool permissions, and third-party integrations are the control surface that needs threat modeling and monitoring.