
Critical OpenAI Codex Flaw Exposes GitHub Tokens to Attackers

Severity: High (Score: 70.5)

Sources: Technadu, Opentools.Ai, Tech.Yahoo

Summary

A critical command injection vulnerability in OpenAI's Codex was discovered that allowed attackers to steal GitHub OAuth tokens from developers. The flaw stemmed from improper input validation of branch names in Codex's cloud infrastructure: security researchers from BeyondTrust Phantom Labs found that a malicious branch name could be used to inject shell commands, leading to unauthorized access to sensitive credentials. The vulnerability affected not only the Codex tool itself but also its command-line interface, SDK, and IDE integrations. OpenAI has since patched the issue with stronger input validation and token controls. The incident highlights the growing security risks of AI coding agents in development environments; organizations are urged to treat AI execution containers as defined security boundaries and to enforce strict access protocols. It serves as a cautionary tale about the security of AI tools in software development.

Key Points

  • The OpenAI Codex vulnerability allowed theft of GitHub OAuth tokens through command injection.
  • The flaw was due to improper input validation in branch name processing.
  • OpenAI has patched the vulnerability, but the risks associated with AI tools remain significant.
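As an added illustration (not code from OpenAI, Codex, or the BeyondTrust write-up), the following Python shows the defensive pattern the fix implies: treat a branch name as untrusted input, validate it against an allowlist derived from git's ref-name rules, and hand it to git as a separate argv element inside a fully qualified refspec so that no shell ever parses it. The function names, the exact allowlist, and the refspec layout are this example's own assumptions.

```python
"""Added example: a Git branch name treated as untrusted input before an
automated agent runs git on it. Function names and the allowlist are
assumptions made for this illustration, not any vendor's actual code."""
import re
import subprocess
from typing import List, Optional

# Conservative allowlist: path components of [A-Za-z0-9._-] that start with an
# alphanumeric, separated by single slashes. Deliberately narrower than the full
# set of names `git check-ref-format` would accept; a leading '-' is excluded so
# a name can never be mistaken for a command-line option.
_COMPONENT = r"[A-Za-z0-9][A-Za-z0-9._-]*"
_BRANCH_RE = re.compile(rf"^{_COMPONENT}(?:/{_COMPONENT})*$")


def validate_branch_name(name: str) -> Optional[str]:
    """Return None if `name` is acceptable, otherwise a short rejection reason."""
    if not name or len(name) > 255:
        return "empty or too long"
    if not _BRANCH_RE.fullmatch(name):
        return "contains characters outside the allowlist"
    # Rules from `git check-ref-format` the regex alone does not express.
    if ".." in name:
        return "contains '..'"
    for component in name.split("/"):
        if component.endswith(".lock"):
            return "component ends with '.lock'"
        if component.endswith("."):
            return "component ends with '.'"
    if name == "HEAD" or name.startswith("refs/"):
        return "reserved ref name"
    return None


def git_args_for_branch(repo: str, branch: str) -> List[str]:
    """Build the argv to fetch `branch` without any shell involvement.

    The branch is embedded in a refspec that begins with 'refs/heads/', so even
    if validation were bypassed the argument could not start with '-'.
    """
    reason = validate_branch_name(branch)
    if reason is not None:
        raise ValueError(f"rejected branch name {branch!r}: {reason}")
    refspec = f"refs/heads/{branch}:refs/remotes/origin/{branch}"
    return ["git", "-C", repo, "fetch", "origin", refspec]


def run_git(args: List[str]) -> str:
    """Run git with an argument list (shell=False) and return its stdout.

    Contrast with the injectable form `subprocess.run(f"git fetch origin {branch}",
    shell=True)`, where the shell, not git, interprets the branch name.
    """
    completed = subprocess.run(
        args, shell=False, check=True, capture_output=True, text=True
    )
    return completed.stdout


if __name__ == "__main__":
    # Constructed sample inputs; only the validator runs here (no repository needed).
    for candidate in ["feature/login-fix", "main; echo injected", "$(id)", "-x"]:
        print(f"{candidate!r}: {validate_branch_name(candidate) or 'ok'}")
```

Rejecting at validation time is preferable to escaping: a name such as `main; echo x` is not a legal git branch name, so refusing it loses nothing. Passing an argument list rather than a shell string is the step that removes the injection vector itself; the allowlist and the `refs/heads/` prefix address the separate problem of a name being read as an option by git.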

Key Entities

  • Data Breach (attack_type)
  • Zero-day Exploit (attack_type)
  • BeyondTrust (tool)
  • Codex CLI (tool)
  • OpenAI Codex (tool)
  • GitHub (platform)
  • ChatGPT (platform)
  • Codex IDE Integration (platform)
  • Codex SDK (platform)
  • OpenAI (company)
  • claude.ai (domain)
  • T1021 - Remote Services (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • Claudy Day (campaign)