// GitHubMEDIUM
Mozilla's 0DIN team disclosed a proof-of-concept attack demonstrating how AI coding agents like Anthropic's Claude Code can be exploited via seemingly clean GitHub repositories. The technique uses a three-step indirection chain—a configured package that triggers an initialization command, which fetches and executes attacker-supplied code from a DNS record—to gain shell access without leaving malicious code in the repository itself. No active exploitation has been reported.
- Mozilla 0DIN Demonstrates GitHub-based Agent Exploit | Let's Dat(opens in a new tab)
- AI coding agents can be tricked into installing malware via 'cle(opens in a new tab)
// Get alerts for GitHub