BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Microsoft Found Vulnerability in Anthropic’s Claude Code

Microsoft finds AI vulnerability where GitHub comments can steal credentials.

  • Microsoft researchers discovered a Claude Code vulnerability where attack instructions in GitHub comments could manipulate the AI.
  • The flaw could have exposed sensitive API keys and cloud credentials stored in software development pipelines.
  • Anthropic patched the issue in May after Microsoft disclosed it, highlighting new risks from AI agents in CI/CD workflows.
  • Prompt injection attacks represent a major emerging threat, where AI agents are tricked into following hidden, malicious commands.

Microsoft security researchers revealed in June 2025 that a now-patched vulnerability in Anthropic‘s Claude Code GitHub Action could have let attackers steal credentials by manipulating the AI agent with malicious instructions hidden in GitHub issues or pull requests. This incident underscores the novel security risks that AI coding assistants introduce into sensitive software development environments.

- Advertisement -

The researchers, who detailed their findings in a blog post, warned that CI/CD workflows often contain valuable secrets like API keys. They began their investigation after observing real-world prompt injection attempts in public repositories using various AI-assisted workflows.

Consequently, this type of attack exploits the fact that natural language instructions for AI can function as executable code. The team proved the flaw by creating a GitHub workflow where malicious prompts, hosted on a controlled domain, bypassed Claude’s safety mechanisms.

Specifically, the attack tricked the AI into reading and altering sensitive credentials to evade detection tools. Microsoft stated, “We obscured the shell payload behind a response from our controlled domain” to bypass the AI’s refusal safety features.

Anthropic resolved the security flaw on May 5 with an updated version of Claude Code. The patch followed responsible disclosure through HackerOne on April 29, after Microsoft demonstrated how a determined attacker could potentially exfiltrate production credentials.

- Advertisement -

Meanwhile, prompt injection has emerged as a critical threat for AI agents that process untrusted inputs. The report concluded that we are entering an era where a single crafted comment can compromise an entire system if trust boundaries are misunderstood.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

ViteVenom: 7 Malicious npm Packages Target Vite Ecosystem

Researchers at Checkmarx uncovered the ViteVenom campaign, a software supply chain attack using seven...

SpaceX Stock Future: Starlink Profit vs $5B Loss & $2.1T Valuation

Starlink is profitable and growing, generating $11.4 billion in revenue in 2025 and making...

China’s Moonshot AI Launches Kimi K3, Triggering Global Tech Selloff

Moonshot AI launched Kimi K3 on Thursday, a 2.8-trillion-parameter open-weight model that ranked alongside...

Nebius Secures $775M Loan Backed by Deployed GPU Hardware

Nebius secured a $775 million senior secured debt facility backed by GPU hardware and...

Bitcoin dips below $62.5K as US-Iran war, stocks slide at Wall Street open

Bitcoin dipped below $62,500 at Friday’s Wall Street open as escalating US-Iran tensions dragged...

Must Read

7 Best Audiobooks on Cybersecurity

Cybersecurity has become an essential topic in our increasingly digital world. As technology evolves and becomes more integrated into our daily lives, the importance...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading