A new round of disclosures shows AI coding agents are failing at one core security principle: broken access control via credentials. Exploits across Codex, Claude Code, Copilot, and Vertex AI repeatedly steal OAuth or service-account tokens, then act in production without a human session binding the request. Researchers warn defenders focused on CVEs while attackers target runtime identities.
Swipe through stories, personalise your feed, and save articles for later — all on the app.
