# Friendly Fire: AI Code Reviewers Hijacked to Run Malware

> Source: <https://byteiota.com/friendly-fire-ai-code-reviewers-hijacked-to-run-malware/>
> Published: 2026-07-13 21:08:10+00:00

The tool you deployed to catch malicious code just ran it instead. On July 8, the AI Now Institute published “Friendly Fire” — a proof-of-concept showing that Claude Code and Codex, when tasked with auditing an untrusted library, can be tricked into executing attacker-controlled binaries on your machine. No CVE. No patch. No vendor response. The name is fitting: your AI defender becomes the attack path. How It Works Researcher Boyan Milanov constructed a weaponized copy of geopy, a widely used Python geocoding library. Embedded in it were four components designed to fool an AI agent conducting a security review: […]

The post
