The tool you deployed to catch malicious code just ran it instead. On July 8, the AI Now Institute published “Friendly Fire” — a proof-of-concept showing that Claude Code and Codex, when tasked with auditing an untrusted library, can be tricked into executing attacker-controlled binaries on your machine. No CVE. No patch. No vendor response. The name is fitting: your AI defender becomes the attack path. How It Works Researcher Boyan Milanov constructed a weaponized copy of geopy, a widely used Python geocoding library. Embedded in it were four components designed to fool an AI agent conducting a security review: […]
The post