The agents you use to beef up cybersecurity could be turned against you – ‘Friendly Fire’ attacks can manipulate OpenAI and Anthropic models into running malicious code

A proof-of-concept by the AI Now Institute demonstrates remote code execution in Anthropic’s Claude Code and OpenAI’s Codex when they’re running in an autonomous mode that approves their own commands.

The Friendly Fire attack works against an out-of-the-box configuration of Claude Code in ‘auto-mode’ or Codex in ‘auto-review’, with researchers testing Claude Sonnet 4.6, Sonnet 5, and Opus 4.8 along with GPT-5.5.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *