New research from Adversa AI reveals that the GuardFall vulnerability allows bypassing safety checks in AI coding agents. This poses risks of executing malicious shell commands with full account access across multiple popular open-source agents.
Adversa AI has identified a vulnerability named GuardFall that allows malicious commands to bypass safety checks in AI coding agents. This flaw affects ten out of eleven popular open-source coding agents tested, with only one demonstrating adequate defense against it.
The vulnerability arises from the way AI coding agents check commands. They compare the command as plain text against a blocklist of unsafe patterns, but the shell rewrites the command before executing it. For example, a string such as 'r''m' matches no blocklist entry, yet the shell joins the adjacent quoted fragments into rm, so a dangerous command passes the check and is executed.
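The following is an added illustration of the mismatch described above, not code from Adversa AI or from any of the agents surveyed. It places a plain-text blocklist check beside a check that first tokenizes the command the way a POSIX shell would (Python's `shlex`) and then applies a default-deny allowlist. The blocklist entries, the allowlist and the sample commands are constructed for this example; the only command fragment taken from the page is the 'r''m' quoting trick.

```python
import shlex

# Constructed for this example; the real agents' blocklists are not on the page.
BLOCKED_PATTERNS = ("rm -rf", "rm -r")
# Constructed allowlist of programs the agent is permitted to run.
ALLOWED_PROGRAMS = frozenset({"ls", "cat", "git", "python", "pytest"})


def naive_is_blocked(command: str) -> bool:
    """Plain-text substring match against a blocklist: the check the research
    describes, which sees the unmodified string rather than what the shell runs."""
    return any(pattern in command for pattern in BLOCKED_PATTERNS)


def normalize(command: str) -> list[str]:
    """Tokenize like a POSIX shell. Adjacent quoted fragments such as 'r''m'
    collapse into the single word rm, which is what the shell would execute."""
    return shlex.split(command, posix=True)


def shell_aware_verdict(command: str) -> str:
    """Return 'allow' or 'deny'. The decision is made on the tokenized form and
    is default-deny: only an allowlisted program in argv[0] is permitted, and
    input that cannot be parsed (e.g. unbalanced quotes) is denied outright."""
    try:
        words = normalize(command)
    except ValueError:
        return "deny"  # fail closed rather than guess what the shell would do
    if not words or words[0] not in ALLOWED_PROGRAMS:
        return "deny"
    return "allow"


if __name__ == "__main__":
    for cmd in ("ls -la", "rm -rf /tmp/build", "'r''m' -rf /tmp/build"):
        print(
            f"{cmd!r:28} naive_blocked={naive_is_blocked(cmd)!s:5} "
            f"tokens={normalize(cmd)} verdict={shell_aware_verdict(cmd)}"
        )
```

Running the block shows the gap: the plain rm command is caught by the blocklist, the quoted variant is not, and both tokenize to the same argv. Tokenizing before the check closes the quoting mismatch, but `shlex` only models quoting, not the shell's later expansion and substitution stages, so treat this as one layer: the agent should also run with the least privilege the task needs and require confirmation instead of auto-executing, which are exactly the conditions the research identifies as making the attack succeed.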
Executing malicious commands can lead to serious security breaches, such as wiping files or stealing sensitive information like SSH keys and cloud credentials. Because of the widespread use of affected coding agents, this issue poses a significant risk across various automated workflows.
For an attack to succeed, the AI must generate a harmful command disguised within ordinary operations, and the agent must run with elevated permissions or with an auto-execute setting enabled. These conditions are common in automated systems, which increases the likelihood of successful exploitation.
The coding agents surveyed carry approximately 548,000 GitHub stars, reflecting their popularity and extensive use in the industry. The discovery of GuardFall heightens concerns about the security of these widely adopted tools.