Friendly Fire: AI Code Reviewers Hijacked to Run Malware Researchers at the AI Now Institute demonstrated on July 8 that AI code review tools Claude Code and Codex can be tricked into executing malware when auditing untrusted libraries, using a weaponized copy of the geopy library. The proof-of-concept shows that AI defenders can become attack vectors, with no vendor patch or response yet available. The tool you deployed to catch malicious code just ran it instead. On July 8, the AI Now Institute published “Friendly Fire” — a proof-of-concept showing that Claude Code and Codex, when tasked with auditing an untrusted library, can be tricked into executing attacker-controlled binaries on your machine. No CVE. No patch. No vendor response. The name is fitting: your AI defender becomes the attack path. How It Works Researcher Boyan Milanov constructed a weaponized copy of geopy, a widely used Python geocoding library. Embedded in it were four components designed to fool an AI agent conducting a security review: … The post