SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

In short:Security researcher Aonan Guan hijacked AI agents from Anthropic, Google, and Microsoft via prompt injection attacks on their GitHub Actions integrations, stealing API keys and tokens in each ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that uses LLM inference to flag injection flaws, XSS, path traversal, and weak ...