Vulnerabilities4 min read
GhostApproval: Symlink Flaw Lets Malicious Repos Escape AI Coding Sandboxes
Wiz researchers discover six major AI coding assistants vulnerable to symlink attacks. Malicious repos can trick Claude Code, Cursor, and Amazon Q into writing files outside designated workspaces.
Marcus ChenJul 10, 2026