st0pw4r blog
  • UNC Paths as a Covert Exfiltration Channel in AI Coding Agents

    April 09, 2026
    security ai-agents windows data-exfiltration

    What if a prompt-injected agent could use safe, read-only tools to silently exfiltrate your secrets? Data exfiltration from AI coding agents is a well-documented attack class. Johann Rehberger (embracethered) has published extensively on this topic: Claude Code: Data Exfiltration with DNS (CVE-2025-55284) — using DNS as a covert channel...

  • When the WAF Blocks Everything: SQL Injection with Only Math

    March 27, 2026
    security sql-injection mssql waf-bypass

    Recently I came across an interesting bug bounty target where I found some nice, classic SQL injection, but none of the WAF bypasses known to me worked. So I asked Claude Code what it could do to exploit it. It turned out to be quite capable of solving this issue...

  • Caught in the Hook... or just API key exfiltration:

    February 27, 2026
    security ai-agents claude-code

    In my previous post, I explained the concept of the folder trust gap in AI agents. And today someone released a new article which describes such vulnerabilities in Claude Code. Nothing new except an interesting attack vector with environment variables. Caught in the Hook: RCE and API Token Exfiltration Through...

  • The Trust Gap: Your AI Agent Is Running Code Before It Asks Permission

    February 26, 2026
    security ai-agents

    What is the threat model of an AI agent that operates in your terminal? One of the first things that happens when you type claude/codex/copilot/gemini in your terminal is that you are asked to trust this folder before any action is taken. This is a security measure to prevent malicious...

© 2026 st0pw4r blog
