Security researchers warn that AI coding assistants are eroding the endpoint defences built up over two decades of OS hardening, EDR and browser isolation, because they demand access to local files and configuration on developers’ machines. Oded Vanunu, chief technologist at Check Point Software, described a “new era” of client-side attacks and said AI agents can burrow through these walls because they operate with high privileges and are often unchecked by security products, which are effectively blind to their actions.
The findings include vulnerabilities in Claude Code (CVE-2025-59536), OpenAI Codex CLI (CVE-2025-61260), Cursor (CVE-2025-54136) and Google’s Gemini CLI; the Gemini CLI flaw allowed malicious commands embedded in documentation files to run without user approval. Together these flaws enable code execution, MCP consent bypass and potentially remote command execution.
The research also notes that attackers can plant instructions in configuration metadata in files such as .json, .env or .toml to trigger tool actions without human oversight, turning configuration into the new attack surface. Check Point Software therefore recommends isolating AI coding tools, running automated tasks in sandboxes, and treating Configuration = Code as a zero-trust principle in order to reclaim the perimeter.