{"id":287363,"date":"2026-07-08T10:00:00","date_gmt":"2026-07-08T14:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die\/"},"modified":"2026-07-08T19:10:09","modified_gmt":"2026-07-08T23:10:09","slug":"bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die\/","title":{"rendered":"Bug in top AI coding agents shows that Unix-era security headaches never really die"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/08\/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die\/5268025\">Bug in top AI coding agents shows that Unix-era security headaches never really die<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/08\/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die\/5268025\">https:\/\/www.theregister.com\/security\/2026\/07\/08\/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die\/5268025<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-08 10:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p><span class=\"font-weight-bold m-font-weight-bold tertiary color_mobile_tertiary\" data-lab-font_weight=\"font-weight-bold\" data-lab-text_color=\"tertiary\">UPDATED<\/span> A \u201csystematic vulnerability pattern\u201d in at least six of the most widely used AI coding assistants can be abused to trick agents into accessing files outside the workspace sandbox, leading to remote code execution on the developer&#8217;s machine.<\/p>\n<p>Google-owned security biz Wiz found the security gap, which it&#8217;s named &#8220;GhostApproval,&#8221; and reported it to all six: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.\u00a0<\/p>\n<p>Amazon, Cursor, and Google deemed the flaw critical or high-severity, fixed it, and either already issued (AWS and Cursor) a CVE tracker or are in the process of getting that done (Google).\u00a0<\/p>\n<p>Augment and Windsurf acknowledged the Wiz-submitted vulnerability report, but haven\u2019t patched the issue or warned users.\u00a0<\/p>\n<h3 class=\"quote\" style=\"\">\n            In the race to ship autonomous features, trust-boundary gaps emerge between users, AI agents, and local filesystems. Classic security principles &#8211; like resolving symlinks before acting on paths &#8211; cannot be overlooked as we embrace new AI architectures<br \/>\n        <\/h3>\n<p>Anthropic eventually added a warning as part of &#8220;proactive security hardening based on internal review.&#8221;<\/p>\n<p>While there\u2019s no indication that this vulnerability is being actively exploited by attackers in the wild, it\u2019s still a serious threat to enterprises rushing to deploy code-writing agents in their environments.<\/p>\n<p>\u201cAI coding tools are routinely granted deep access to enterprise codebases and cloud environments,\u201d Wiz threat researcher Maor Dokhanian told <span class=\"italic m-italic \" data-lab-italic=\"italic\">The Register<\/span>. \u201cIn the race to ship autonomous features, trust-boundary gaps emerge between users, AI agents, and local filesystems. Classic security principles &#8211; like resolving symlinks before acting on paths &#8211; cannot be overlooked as we embrace new AI architectures.\u201d<\/p>\n<h3>Age-old headache meets AI coding agents<\/h3>\n<p>The problem stems from a long-standing security headache called symbolic links, aka &#8220;symlinks&#8221;. These files&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/08\/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die\/5268025\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bug in top AI coding agents shows that Unix-era security headaches never really die https:\/\/www.theregister.com\/security\/2026\/07\/08\/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die\/5268025&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287364,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/image.theregister.com\/5263225.jpg?imageId=5263225&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,27],"class_list":["post-287363","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287363"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287363"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287363\/revisions"}],"predecessor-version":[{"id":287365,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287363\/revisions\/287365"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287364"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}