ronyutevsky

2 Results / Page 1 of 1

May 26, 2026

Agentic AI Security + Research Rony Utevsky

SymJack: the approval prompt is lying to you. A symlink-hijack RCE in five AI coding agents

A prompt injection and symlink attack tricks AI coding assistants into RCE through a disguised file copy. We tested five major tools. All were vulnerable. How it works and how to defend.

May 7, 2026

Agentic AI Security + Research Rony Utevsky

TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot

A regression in the Claude Code trust dialog and a settings-scope inconsistency let a cloned repo run unsandboxed code with one keypress, and on CI runners with none. Learn why this type of issues keep surfacing and what are possible mitigations.

ronyutevsky

SymJack: the approval prompt is lying to you. A symlink-hijack RCE in five AI coding agents

TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot

Trusted AI Security

Explore Our Blog

Featured Post

Universal LLM Jailbreak: ChatGPT, GPT-4, BARD, BING, Anthropic, and Beyond

Latest Posts

SymJack: the approval prompt is lying to you. A symlink-hijack RCE in five AI coding agents

OWASP ASI02: tool misuse and exploitation — the definitive security guide

AI risk management insurance is tightening. Cyber insurance history shows exactly where it ends up.

Top GenAI security resources — May 2026

TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot

Top MCP security resources — May 2026

Top Agentic AI security resources — May 2026

AI-driven exploitation is here: what Mythos proved and what comes next

We broke GPT-5.4 safety with 10 examples and 2 words using a new attack technique — IICL

Red teaming agentic AI: should you go manual, in-house, or continuous?

Adversa AI wins Artificial Intelligence Excellence award in Safety and Alignment category

OWASP ASI01 — Agent Goal Hijack: a practical security guide