The Hacker News AI Security ยท July 9, 2026

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

Why it matters

Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex whe

My takeaway: Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It is an agent-security signal. The practical read is that autonomy, memory, tool permissions, and third-party integrations are the control surface that needs threat modeling and monitoring.