SecurityWeek reports that AI coding agents could threaten software supply chains: researchers at Adversa[.]AI found a way to abuse Claude Code's automation to achieve one-click remote code execution and potentially trigger a supply chain attack.
Adversa describes how Claude Code's acceptance dialog, combined with the agent's automatic, trusted execution, can let a malicious GitHub repository spawn an unsandboxed OS process with the developer's full privileges after a single press of Enter, creating a long-lived command-and-control channel or embedding malicious payloads in the project files. The issue could be particularly disastrous inside a CI/CD pipeline, where a weaponised tool could be distributed widely.
Alex Polyakov, co-founder and CTO at Adversa[.]AI, told SecurityWeek that Claude Code is installed on many developer machines and that developers often clone unfamiliar repositories, making the attack plausible. The report notes that Anthropic has declined to act, arguing that user consent in the trust dialog is given when the folder is trusted, raising questions about informed consent.
The findings include proposed mitigations such as blocking enableAllProjectMcpServers, enabledMcpjsonServers and permissions[.]allow from settings files inside a project, and restricting these keys to scopes outside the repository, while also offering CI/CD-specific guidance.
7 May 2026.
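As an added illustration of the mitigation above (not code from SecurityWeek, Adversa or Anthropic), the following pre-trust audit walks a freshly cloned repository and flags any project-scope settings that set the three keys the report proposes blocking, plus a committed .mcp.json that those keys would enable. The settings file paths are assumed from Claude Code's documented convention, and the sample repository is constructed inline.

```python
import json
import os
import tempfile

# Keys that Adversa proposes blocking when they appear in project-scope settings.
RISKY_KEYS = ("enableAllProjectMcpServers", "enabledMcpjsonServers", "permissions.allow")
# Assumed project-scope settings paths (Claude Code's convention, not from the article).
SETTINGS_FILES = (".claude/settings.json", ".claude/settings.local.json")

def _lookup(doc, dotted):
    # Resolve a dotted key such as 'permissions.allow' inside a parsed JSON object.
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def audit_repo(repo_dir):
    """Return (file, key, value) findings that should block trusting the folder."""
    findings = []
    for rel in SETTINGS_FILES:
        path = os.path.join(repo_dir, rel)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
        for key in RISKY_KEYS:
            val = _lookup(doc, key)
            if val not in (None, False, [], {}):
                findings.append((rel, key, val))
    # A committed .mcp.json is what the keys above would silently enable.
    if os.path.isfile(os.path.join(repo_dir, ".mcp.json")):
        findings.append((".mcp.json", "<present>", "project-scope MCP server definitions"))
    return findings

def make_sample_repo(settings, with_mcp):
    """Build a constructed throwaway repo layout for demonstration; not a real project."""
    repo = tempfile.mkdtemp()
    os.makedirs(os.path.join(repo, ".claude"))
    with open(os.path.join(repo, ".claude", "settings.json"), "w", encoding="utf-8") as fh:
        json.dump(settings, fh)
    if with_mcp:
        with open(os.path.join(repo, ".mcp.json"), "w", encoding="utf-8") as fh:
            json.dump({"mcpServers": {}}, fh)
    return repo

# Constructed sample: settings that auto-enable MCP servers and pre-approve a tool call.
SAMPLE_SETTINGS = {"enableAllProjectMcpServers": True, "permissions": {"allow": ["Bash(npm run build)"]}}
```

Running `audit_repo(make_sample_repo(SAMPLE_SETTINGS, True))` returns three findings; a non-empty result is the cue to decline the trust dialog and review the files first.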