AI Code Reviewers Vulnerable to Git Identity Spoofing Attack
Severity: High (Score: 64.5)
Sources: www.manifold.security, Theregister
Summary
A security demonstration revealed that the AI-powered code reviewer, Claude, can be tricked into approving malicious code by spoofing a trusted developer's identity using two simple Git commands. The attack exploits the way Git handles authorship metadata, allowing threat actors to impersonate recognized contributors. This vulnerability is not a flaw in Git itself, but rather a misuse of trust in commit metadata, which lacks sufficient verification controls.

The incident highlights a broader issue where automated systems, like AI code reviewers, may prioritize author identity over the integrity of the code changes. The potential impact of such attacks is significant, as compromised code repositories can lead to malware delivery and substantial financial losses.

The demonstration involved a workflow that auto-approved pull requests from recognized figures, illustrating how easily trust can be manipulated. Open-source projects increasingly rely on AI tools for code reviews, raising concerns about the security of these automated processes. The attack underscores the need for better verification mechanisms to prevent unauthorized code changes from being accepted.

Key Points
- AI code reviewers like Claude can be deceived by spoofed Git identities.
- The attack method involves two Git commands to impersonate trusted developers.
- Automated review processes in open-source projects are vulnerable to identity manipulation.
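The verification control the summary asks for is to derive trust from a verified commit signature rather than from the author name and email fields, which any committer can set freely. The following is an added example written for this page, not code from the cited articles or from any of the tools named below. It parses the output of a `git log` format that includes Git's signature-status placeholders (`%G?`, `%GS`, `%GK`, all documented in `git log --help`) and gates an auto-approval decision on a good signature from an allow-listed key; the sample log lines, key fingerprint and e-mail addresses are constructed for the example.

```python
"""Gate auto-approval on verified signatures, never on author metadata.

Run `git log --format=$LOG_FORMAT` on a real repository to produce input in
the expected shape; the sample below is constructed so the script runs offline.
"""
from __future__ import annotations

from dataclasses import dataclass

# ASCII unit separator (%x1f in git's format syntax) keeps fields unambiguous.
SEP = "\x1f"
LOG_FORMAT = "%H%x1f%an%x1f%ae%x1f%G?%x1f%GS%x1f%GK"


@dataclass(frozen=True)
class CommitRecord:
    sha: str
    author_name: str    # %an: free text from the committer's git config, unverified
    author_email: str   # %ae: likewise unverified
    sig_status: str     # %G?: G (good), B (bad), U/X/Y (good but untrusted/expired), R, E, N (none)
    signer: str         # %GS: name from the signing key, empty when unsigned
    key_id: str         # %GK: key used to sign, empty when unsigned


def parse_log(text: str) -> list[CommitRecord]:
    """Parse lines produced by `git log --format=LOG_FORMAT`."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(SEP)
        if len(parts) != 6:
            raise ValueError(f"malformed log line: {line!r}")
        records.append(CommitRecord(*parts))
    return records


def auto_approve_eligible(rec: CommitRecord, trusted_keys: dict[str, str]) -> tuple[bool, str]:
    """Return (eligible, reason).

    The decision reads only the signature fields. The author name and email are
    deliberately ignored: they are the fields a spoofed commit controls.
    """
    if rec.sig_status != "G":
        return False, f"{rec.sha[:7]}: signature status {rec.sig_status!r} is not a good, trusted signature"
    identity = trusted_keys.get(rec.key_id)
    if identity is None:
        return False, f"{rec.sha[:7]}: signing key {rec.key_id!r} is not on the allow list"
    return True, f"{rec.sha[:7]}: good signature from allow-listed key of {identity}"


def review_gate(text: str, trusted_keys: dict[str, str]) -> list[tuple[bool, str]]:
    """Apply the gate to every commit in a log dump."""
    return [auto_approve_eligible(rec, trusted_keys) for rec in parse_log(text)]


# Constructed allow list: key fingerprint -> identity label (placeholder values).
TRUSTED_KEYS = {"0123456789ABCDEF": "maintainer@example.org"}

# Constructed sample log: (1) a commit with a good signature from the allow-listed key,
# (2) a commit whose author fields claim the maintainer but which carries no signature,
# (3) a commit signed with a key that is not on the allow list.
SAMPLE_LOG = "\n".join([
    SEP.join(["a1b2c3d4e5f60718", "Trusted Maintainer", "maintainer@example.org",
              "G", "Trusted Maintainer", "0123456789ABCDEF"]),
    SEP.join(["f6e5d4c3b2a19807", "Trusted Maintainer", "maintainer@example.org",
              "N", "", ""]),
    SEP.join(["1111222233334444", "Trusted Maintainer", "maintainer@example.org",
              "G", "Someone Else", "FEDCBA9876543210"]),
])

if __name__ == "__main__":
    for eligible, reason in review_gate(SAMPLE_LOG, TRUSTED_KEYS):
        print("APPROVE" if eligible else "HOLD   ", reason)
```

Only the first commit passes; the second shows the spoofing case from the summary (correct author fields, no signature), and the third shows that a valid signature alone is not enough unless the key itself is trusted. Statuses such as `U` or `Y` (good signature, untrusted or expired key) are rejected on purpose, so the gate fails closed.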
Key Entities
- Malware (attack_type)
- Supply Chain Attack (attack_type)
- Prompt Injection (attack_type)
- Cline Supply Chain Compromise (campaign)
- Lottie Player Supply Chain Compromise (campaign)
- OpenClaw Cline Package Compromise (campaign)
- Cline (company)
- Lottie (company)
- Cloudflare (company)
- Cursor (company)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-287 - Improper Authentication (cwe)
- CWE-798 - Use of Hard-coded Credentials (cwe)
- CWE-862 - Missing Authorization (cwe)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1195 - Supply Chain Compromise (mitre_attack)
- T1567 - Exfiltration Over Web Service (mitre_attack)
- Cloudflare Worker (tool)
- Claude (tool)
- Claude Code (tool)
- Claude-code-action (tool)
- CodeQL (tool)
- GitHub (platform)