The Briefing RoomJune 29, 2026via The Decoder

Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control

Why it matters

AI coding agents like Claude Code are now a supply-chain attack surface. As developers delegate repo setup to agents, attackers can use runtime code injection (DNS queries) to bypass both static analysis and AI verification, turning productivity tools into silent entry points.

Key signals

  • Mozilla 0DIN platform identified vulnerability
  • Attack vector: compromised GitHub repo + Claude Code automation
  • Malware loads at runtime via DNS query (invisible to scanners and AI)
  • No static code verification by AI agents
  • Supply-chain risk via developer tooling
  • Published June 2026

The hook

Claude Code just became a malware vector. Mozilla researchers showed how a single GitHub repo can hijack a dev machine—and the AI agent never sees it coming.

Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the repo, to scanners, and to the AI agent itself.

Get stories like this every Friday.

The 5 AI stories that matter — free, in your inbox.

Free forever. No spam.