Society & Ethics

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

· July 9, 2026
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

What happened

A proof-of-concept called “Friendly Fire” from the AI Now Institute showed a way to trick AI coding agents into running malicious code instead of just identifying it. The attack works against Anthropic’s Claude Code and OpenAI’s Codex when they operate autonomously with self-approval privileges. Instead of flagging the security risk and stopping, these AI agents can execute the malicious payload on the scanning machine itself.

The risk

This vulnerability exposes a paradox in autonomous AI code review tools. They are designed to spot and fix security flaws but can be manipulated into becoming a vector for executing harmful code. This creates a direct risk to any developer or organization trusting AI to scan open-source or external code automatically. The AI agents might inadvertently become part of the attack surface rather than a defense.

Why it matters

AI-assisted coding tools are gaining traction for accelerating development and automating security checks. Friendly Fire shows these tools still require strict operational boundaries and complex safeguards before they can be trusted with running autonomous scans. It pressures teams to rethink how they integrate AI agents into their dev and security pipelines. Blind trust in AI autonomy now raises clear risks of compromise and internal infection.

Who should pay attention

Developers, security engineers, and DevOps teams using or planning to deploy AI agents for code analysis must reassess their risk model. Businesses leveraging AI for automated vulnerability scanning should pause to evaluate safeguards like execution containment, monitoring, and manual approval gates. Tool vendors need to design fail-safes that prevent hostile code from running unchecked.

What to watch next

Look for updates from AI agent vendors on patches or architectural changes to eliminate this attack vector. Industry guidelines or compliance standards may tighten around AI-assisted code review security practices. Operator workflows might shift away from full autonomy toward semi-automated or human-in-the-loop approaches until these risks are mitigated.

AI Quick Briefs Editorial Desk

Stay ahead of AI Get the most important AI news delivered to your inbox — free.