www.securityweek.com 7/9/2026, 9:26:44 AM · external

GhostApproval bug lets attackers trick AI developers via symlinks

GhostApproval bug lets attackers trick AI developers via symlinks
CyberSIXT Evidence Panel
Primary Source wiz.io

A new security vulnerability named **GhostApproval** has been discovered by Wiz, affecting several leading AI coding assistants like Claude Code and Amazon Q Developer. This attack exploits a longstanding issue with symbolic link (symlink) following, enabling attackers to manipulate files on developers' machines. GhostApproval allows attackers to create deceptive paths that lead to sensitive locations, potentially leading to remote code execution.

The researchers found that many AI tools fail to display the actual target in confirmation prompts, undermining Human-in-the-Loop security measures. Affected vendors including AWS and Google have confirmed the vulnerability and initiated patches, while others like Anthropic have implemented mitigations.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline