{
  "$schema": "https://themachinepress.com/schemas/story-v1.schema.json",
  "schema_version": "1.0.0",
  "document_type": "machine_press_story",
  "story": {
    "story_id": "mp-2026-07-10-006",
    "source_story_id": "tmp-story-friendly-fire",
    "edition_id": "mp-2026-07-10-morning-0001",
    "edition_url": "https://themachinepress.com/edition/2026-07-10",
    "position": 6,
    "story_type": "dispatch",
    "section": "safety-security",
    "editorial_classification": "editorial",
    "headline": "The Security Reviewer Can Become the Entry Point",
    "slug": "the-security-reviewer-can-become-the-entry-point",
    "dek": "A proof of concept shows coding agents in autonomous modes executing attacker-controlled material while inspecting an untrusted repository.",
    "summary": "A proof of concept shows coding agents in autonomous modes executing attacker-controlled material while inspecting an untrusted repository.",
    "body_text": "AI Now researchers Boyan Milanov and Heidy Khlaaf demonstrated what they call Friendly Fire: prompt injections in a third-party codebase led Claude Code and Codex configurations with autonomous command approval enabled to run attacker-controlled code during a security review. The finding is configuration-specific, not evidence that every interactive review is compromised. Its practical lesson is broader: untrusted repositories should be isolated, and automatic execution should not be treated as a neutral extension of code reading.",
    "why_it_matters": "A proof of concept shows coding agents in autonomous modes executing attacker-controlled material while inspecting an untrusted repository.",
    "limitations": [
      "The finding is configuration-specific, not evidence that every interactive review is compromised.",
      "Its practical lesson is broader: untrusted repositories should be isolated, and automatic execution should not be treated as a neutral extension of code reading."
    ],
    "importance": 8,
    "canonical_url": "https://themachinepress.com/story/mp-2026-07-10-006/the-security-reviewer-can-become-the-entry-point",
    "json_url": "https://themachinepress.com/story/mp-2026-07-10-006.json",
    "first_published_at": "2026-07-10T09:00:00.000-04:00",
    "modified_at": "2026-07-10T10:47:01.000-04:00",
    "content_status": "new",
    "is_carryover": false,
    "carryover_reason": null,
    "key_claims": [
      {
        "claim_id": "claim-mp-2026-07-10-006-001",
        "text": "A proof of concept shows coding agents in autonomous modes executing attacker-controlled material while inspecting an untrusted repository.",
        "source_ids": [
          "source-2026-07-10-006"
        ],
        "qualification": "The finding is configuration-specific, not evidence that every interactive review is compromised."
      }
    ],
    "source_ids": [
      "source-2026-07-10-006"
    ],
    "tags": [
      "prompt injection",
      "coding agents",
      "Codex",
      "Claude Code",
      "sandboxing"
    ],
    "image_url": "https://themachinepress.com/issues/2026-07-10/bank-data-center-server-aisle-001.webp",
    "corrections": []
  },
  "sources": [
    {
      "source_id": "source-2026-07-10-006",
      "title": "The Hacker News: Friendly Fire proof of concept",
      "publisher": "thehackernews.com",
      "url": "https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html",
      "canonical_url": "https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html",
      "source_type": "secondary_reporting",
      "is_primary_source": false,
      "published_at": "2026-07-08T20:00:00.000-04:00",
      "accessed_at": "2026-07-10T08:23:43.388-04:00",
      "supports_claim_ids": [
        "claim-mp-2026-07-10-006-001"
      ]
    }
  ],
  "corrections": [],
  "publisher": {
    "name": "The Machine Press",
    "url": "https://themachinepress.com",
    "description": "A daily newspaper for the age of artificial intelligence."
  },
  "cite_this_report": {
    "title": "The Security Reviewer Can Become the Entry Point",
    "publisher": "The Machine Press",
    "published_at": "2026-07-10T09:00:00.000-04:00",
    "canonical_url": "https://themachinepress.com/story/mp-2026-07-10-006/the-security-reviewer-can-become-the-entry-point"
  }
}
