AI & TechArtificial IntelligenceCybersecurityNewswireTechnology

Old Trick Still Works: AI Coding Tools Hacked via Decades-Old Technique

Originally published on: July 10, 2026
▼ Summary

– Wiz has disclosed details of a new AI coding assistant attack method called GhostApproval.
– The attack method is based on a decades-old technique.

Security researchers at Wiz have revealed a novel attack technique targeting AI-powered coding assistants, which they call GhostApproval. The method exploits a vulnerability that has been known for decades, proving that even cutting-edge tools remain susceptible to older, well-understood security flaws.

The attack works by manipulating how AI coding tools process and approve code suggestions. By crafting malicious inputs that mimic legitimate commands, an attacker can trick the assistant into executing harmful actions on a developer’s machine. This can lead to unauthorized access, data exfiltration, or the injection of backdoors into software projects.

According to Wiz’s findings, the weakness lies not in the AI’s core intelligence but in the trust model that governs how suggestions are accepted and run. The tool’s automated approval mechanism, designed to boost productivity, can be subverted through carefully engineered prompts. This allows an attacker to bypass human review and deploy code that compromises the developer’s environment.

The technique leverages a classic principle: if a system blindly trusts user input or commands without proper validation, it can be exploited. In this case, the AI assistant’s code execution pipeline becomes the vector, turning a helper into a potential threat. Wiz emphasizes that this is not a theoretical risk but a practical attack that could be used in real-world supply chain compromises.

Developers and organizations using these tools are advised to implement stricter approval workflows and verify the source of code suggestions. The report underscores that while AI coding assistants offer immense efficiency gains, they also introduce new attack surfaces that require careful management. The GhostApproval method serves as a reminder that fundamental security principles, such as least privilege and input sanitization, remain critical even in the age of generative AI.

(Source: Securityweek.com)

Topics

ai security 95% ghostapproval attack 95% cyber attack methods 90% coding assistants 85% tool vulnerabilities 85% developer security 80% ai misuse 80% vulnerability disclosure 75% AI in Software Development 70% decades-old techniques 65%