Security researchers have identified a persistent vulnerability across AI coding assistants like Claude Code, OpenAI Codex CLI, and Google Gemini-CLI, dubbed "Approve Once, Exploit Forever." This flaw allows malicious actors to execute arbitrary commands after initial directory trust is granted, even if configuration files are altered later. The vendors have declined to implement fixes, citing the behavior as architectural, leaving users exposed to data exfiltration and command execution through modified project files or dependencies. AI
Summary written by gemini-2.5-flash-lite from 1 source. How we write summaries →
IMPACT This vulnerability exposes users of AI coding assistants to significant security risks, potentially leading to data exfiltration and unauthorized command execution.
RANK_REASON Security researchers disclosed a vulnerability in multiple AI coding assistants, which the vendors have declined to fix. [lever_c_demoted from research: ic=1 ai=1.0]