News
SymJack Attack Turns AI Coding Agents Into Supply Chain Delivery Systems Via Malicious MCP Server Injection
Adversa AI disclosed SymJack, a supply chain attack that tricks AI coding agents into silently installing attacker-controlled MCP servers through disguised symlinks. Testing confirmed five major agents are vulnerable: Claude Code, Gemini CLI, Cursor Agent CLI, GitHub Copilot CLI, and Grok Build CLI. The attack requires only a single user-approved file copy to register a malicious MCP server that executes unsandboxed on restart, enabling SSH key theft, CI pipeline compromise, and malicious code deployment. Anthropic has already hardened Claude Code to resolve symlinks before approval.
Source
↳ Follow the thread