
Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks
Security researchers have disclosed a structural vulnerability dubbed 'GuardFall' that allows attackers to bypass the defenses of most open-source AI coding agents using decades-old Bash shell techniques. By exploiting shell behaviors such as quote removal and variable expansion, malicious commands can be hidden inside repositories, README files, or Makefiles—posing serious risks of credential theft and system compromise when executed in auto-approve or CI/CD environments.
Source: Slashdot



