Posted by EditorDavid from the big-Bash-theory dept.
Slashdot reader wiredmikey writes: AI safety researchers have uncovered a structural safety flaw dubbed GuardFall that permits decades-old Bash shell techniques to bypass safeguards in most open source AI coding agents. By exploiting shell behaviors such as quote removal and variable expansion, attackers can conceal malicious commands in repositories, README files, Makefiles, or other content consumed by AI agents. If executed — particularly in auto-approve or CI environments — the commands can steal credentials, compromise developer systems, or enable software supply chain attacks. According to researchers at Adversa AI, of the 11 popular open source AI coding agents tested, only one successfully blocked all of the Bash trick techniques.