
AI coding tools can hide malware in 'clean' repos—Claude’s indirect attack path
A Mozilla research team demonstrated how AI coding assistants like Anthropic’s Claude can be manipulated into executing malicious code through seemingly harmless GitHub repositories. The attack bypasses security checks by using indirect download methods and delayed execution.