SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

In short:Security researcher Aonan Guan hijacked AI agents from Anthropic, Google, and Microsoft via prompt injection attacks on their GitHub Actions integrations, stealing API keys and tokens in each ...