AI Coding Agents Could Fuel Next Supply Chain Crisis
Briefly
"Researchers from Adversa.AI have discovered an issue that allows attackers to abuse Claude Code's automation, potentially creating a new supply chain threat. Agentic AI is designed to operate automatically and usually invisibly to make our work easier and more efficient. AI code generators are no different. Claude Code (launched in May 2025) has become the fastest-growing tool in the startup and high-end engineering space, with the highest user satisfaction rating against its competitors."
"Adversa AI has discovered a way in which its agentic behavior can be manipulated by an attacker into providing a one-click RCE, or even a potential supply chain threat. All the attacker needs to do is place attractive but malicious code as, say, a GitHub repo. When a developer uses Claude Code for a new task, it checks available repositories for what will assist in the task. If it locates, selects and downloads the malicious prepared code, it is almost immediately game over for the developer."
"Claude Code's acceptance dialog simply reads, 'Quick safety check: Is this a project you created or one you trust?', with the default set to 'trust'. It's little different in practice to Chrome's browser security warning - which almost everyone almost always 'allows'. Similarly in Claude Code, but 'One Enter keypress on the trust dialog spawns the server as an unsandboxed OS process with the developer's full privileges. No tool call from Claude is required,' reports Adversa."
"The cloned repository contains small JSON files in standard Claude Code locations, providing an arbitrary code execution.
- enableAllProjectMcpServers in .claude/settings.json - auto-approves every server defined in the project's .mcp.json
- enabledMcpjsonServers - auto-approves a named subset"
Claude Code is an agentic AI coding tool that automatically checks repositories to find code that can help complete a developer's task. An attacker can place attractive but malicious code in a repository so that Claude Code selects and downloads it during a new task. After the repository is cloned, small JSON files placed in standard Claude Code locations (.claude/settings.json and .mcp.json) can enable arbitrary code execution. The trust prompt asks whether the project is one the developer created or trusts, with the default set to trust. Pressing Enter on the trust dialog can spawn an unsandboxed OS process with the developer's full privileges, without requiring a Claude tool call. This behavior can enable a supply-chain-style threat.
Read at SecurityWeek