AI Brief

Loading

GhostApproval bug hits major AI coding agents

The Register reports that Wiz found a symlink-based vulnerability pattern affecting multiple AI coding assistants, including Amazon Q Developer, Claude Code, Cursor, Google Antigravity, and Windsurf.

Read more

The Register reports that Wiz found a vulnerability pattern called GhostApproval in at least six widely used AI coding assistants. The issue can trick agents into accessing files outside the intended workspace sandbox, creating a path toward remote code execution on a developer machine. Amazon, Cursor, and Google rated the issue critical or high severity and issued or prepared fixes, while other vendors had acknowledged reports at the time of publication.

Key details: Wiz named the vulnerability pattern GhostApproval, Affected tools included Amazon Q Developer, Claude Code, Cursor, Google Antigravity, and Windsurf, The issue involves symlink-style workspace-boundary bypasses.

Why it matters: Coding agents are being granted deep workspace access, so old filesystem security mistakes can become new agent execution risks.

Original

Profile

Your reading trail

Give Feedback

Saves are local on this device.

0 Saved
0 Opened

Saved stories

Unsigned saves stay on this device. Sign in with Google to sync saved stories across devices.