Anthropic Claude Code Security Bypass Exposes Developer Credentials
Anthropic's Claude Code AI agent contains a security bypass that allows attackers to evade deny rules by padding shell commands with over 50 subcommands. This flaw enables silent credential theft when developers interact with malicious repositories.
**Update Claude Code to version 2.1.90 as soon as possible, because your security deny rules can be bypassed by long commands. Be wary of external repos that may contain malicious CLAUDE.md files. Never trust AI agents with full shell access unless you verify the repositories you are working on.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/anthropic-claude-code-security-bypass-exposes-developer-credentials-t-g-f-1-y/gD2P6Ple2L
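A review aid for the case described above, added here as an example and not taken from Anthropic or the linked advisory: it flags text (for instance a CLAUDE.md from an external repository) that chains more than 50 subcommands on one logical line. The separator set (`;`, `|`, `&`, `&&`, `||`, newline) and the function names are assumptions, since the post does not say how Claude Code counts subcommands.

```python
SUBCOMMAND_LIMIT = 50  # threshold reported in the advisory above

def split_subcommands(command):
    """Split on unquoted ; | & && || and newlines (assumed separators)."""
    parts, buf, quote, i = [], [], None, 0
    while i < len(command):
        ch = command[i]
        if ch == "\\" and quote != "'" and i + 1 < len(command):
            buf.append(command[i:i + 2])  # escaped character, keep literal
            i += 2
            continue
        if quote:
            if ch == quote:
                quote = None
            buf.append(ch)
        elif ch in "'\"":
            quote = ch
            buf.append(ch)
        elif ch == "&" and buf and buf[-1] == ">":
            buf.append(ch)  # redirection such as 2>&1, not a separator
        elif ch in ";|&\n":
            if ch in "|&" and command[i + 1:i + 2] == ch:
                i += 1  # && and || are one separator
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def flag_long_commands(text, limit=SUBCOMMAND_LIMIT):
    """Return (line_number, count) for logical lines chaining > limit subcommands."""
    findings, logical, start = [], "", 0
    for n, line in enumerate(text.splitlines(), 1):
        if not logical:
            start = n
        logical += line
        if line.endswith("\\"):
            logical = logical[:-1] + " "  # join backslash continuations
            continue
        count = len(split_subcommands(logical))
        if count > limit:
            findings.append((start, count))
        logical = ""
    return findings

# Constructed sample: harmless instruction text with one 51-part chain.
SAMPLE = "# Setup\nRun `npm install && npm test`.\n" + " && ".join(["true"] * 51)

if __name__ == "__main__":
    for line_no, count in flag_long_commands(SAMPLE):
        print(f"line {line_no}: {count} chained subcommands (limit {SUBCOMMAND_LIMIT})")
```

A hit means the file deserves a manual read before an agent is pointed at the repository; it is a heuristic and does not replace updating to the fixed version.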
