GhostApproval vulnerability exposes AI coding agents to remote code execution via symlinks
Security firm Wiz uncovered GhostApproval, a systematic security flaw affecting six major AI coding agents including Amazon Q Developer, Anthropic Claude Code, and Cursor. The vulnerability exploits symbolic links to trick agents into writing malicious code outside sandboxed workspaces, potentially granting attackers remote access to developers' machines. While Amazon, Cursor, and Google have issued patches, Anthropic dismissed the issue as outside its threat model, highlighting a critical debate about AI tool security responsibilities.