Ask Technicians

Clean GitHub Repo Tricks AI Agents Into Running Malware

Mozilla 0DIN researchers demonstrated how a clean GitHub repository, with no malicious code, can trick an AI coding agent like Claude Code into…

A clean repo, no malware to scan, and an AI agent that opens the door anyway

An AI coding agent told to clone and set up a perfectly ordinary-looking GitHub repository can be steered into running a malicious payload that no security scanner, no AI agent, and no human…

How a harmless repo becomes a live shell

The method leans on three components that, taken separately, represent no threat and raise no suspicion.

Why this is different from old-school supply-chain attacks

Traditional supply-chain compromises ship malicious code and hope it slips past review.

What happens next over the coming 24 to 72 hours

Expect this to move fast in the discussion layer even though no campaign has been reported.
