Prompt Injection Attacks Claude Code and Codex Execution
Researchers at the AI Now Institute have demonstrated a proof-of-concept attack dubbed 'Friendly Fire' that tricks AI coding agents — specifically Anthropic's Claude Code and OpenAI's Codex in autonomous mode — into executing malicious binaries while performing routine security reviews. The attack embeds a disguised payload inside an open-source library and uses a plain README.md instruction to direct the agent to run a malicious shell script, bypassing existing trust-prompt defences. Because the weakness is architectural rather than version-specific, no patch exists; mitigation requires workflow changes.