{"slug": "friendly-fire-ai-code-reviewers-hijacked-to-run-malware", "title": "Friendly Fire: AI Code Reviewers Hijacked to Run Malware", "summary": "Researchers at the AI Now Institute demonstrated on July 8 that AI code review tools Claude Code and Codex can be tricked into executing malware when auditing untrusted libraries, using a weaponized copy of the geopy library. The proof-of-concept shows that AI defenders can become attack vectors, with no vendor patch or response yet available.", "body_md": "The tool you deployed to catch malicious code just ran it instead. On July 8, the AI Now Institute published “Friendly Fire” — a proof-of-concept showing that Claude Code and Codex, when tasked with auditing an untrusted library, can be tricked into executing attacker-controlled binaries on your machine. No CVE. No patch. No vendor response. The name is fitting: your AI defender becomes the attack path. How It Works Researcher Boyan Milanov constructed a weaponized copy of geopy, a widely used Python geocoding library. Embedded in it were four components designed to fool an AI agent conducting a security review: […]\n\nThe post", "url": "https://wpnews.pro/news/friendly-fire-ai-code-reviewers-hijacked-to-run-malware", "canonical_source": "https://byteiota.com/friendly-fire-ai-code-reviewers-hijacked-to-run-malware/", "published_at": "2026-07-13 21:08:10+00:00", "updated_at": "2026-07-13 21:21:01.604897+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-ethics"], "entities": ["AI Now Institute", "Claude Code", "Codex", "Boyan Milanov", "geopy"], "alternates": {"html": "https://wpnews.pro/news/friendly-fire-ai-code-reviewers-hijacked-to-run-malware", "markdown": "https://wpnews.pro/news/friendly-fire-ai-code-reviewers-hijacked-to-run-malware.md", "text": "https://wpnews.pro/news/friendly-fire-ai-code-reviewers-hijacked-to-run-malware.txt", "jsonld": "https://wpnews.pro/news/friendly-fire-ai-code-reviewers-hijacked-to-run-malware.jsonld"}}