The Briefing RoomJune 29, 2026via The Decoder
Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control
Why it matters
AI coding agents like Claude Code are now a supply-chain attack surface. As developers delegate repo setup to agents, attackers can use runtime code injection (DNS queries) to bypass both static analysis and AI verification, turning productivity tools into silent entry points.
Key signals
- Mozilla 0DIN platform identified vulnerability
- Attack vector: compromised GitHub repo + Claude Code automation
- Malware loads at runtime via DNS query (invisible to scanners and AI)
- No static code verification by AI agents
- Supply-chain risk via developer tooling
- Published June 2026
The hook
Claude Code just became a malware vector. Mozilla researchers showed how a single GitHub repo can hijack a dev machine—and the AI agent never sees it coming.
Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the repo, to scanners, and to the AI agent itself.