Claude Code, Copilot, Codex hacked; attackers stole credentials, not models
Why does this matter? Because the recent breaches of Anthropic’s Claude Code, Microsoft’s Copilot and OpenAI’s Codex all followed the same playbook: thieves slipped past defenses, lifted API keys, and walked away with nothing more than access tokens. The models themselves stayed intact, but the stolen credentials gave attackers the ability to generate code at scale, sidestepping any usage‑monitoring that providers rely on.
In response, Anthropic rolled out Claude Code Security in February 2026, while OpenAI announced a similar audit tool on March 6, 2026, both promising tighter checks on AI‑generated code. Yet the technical reports that followed reveal a subtler flaw. While the patches focus on scanning output for vulnerabilities, the underlying logs that should have flagged the intrusion were deliberately trimmed.
That omission let the breach go unnoticed until a deeper forensic review.
---
Log truncation hid the bypass.
“A significant vulnerability in enterprise AI is broken access control, where the flat authorization plane of an LLM fails to respect user permissions,” wrote Carter Rees, VP of AI and Machine Learning at Reputation and a member of the Utah AI Commission.
Did the breaches change the threat model? Not entirely. The three incidents—BeyondTrust’s proof‑of‑concept that a malicious GitHub branch name could siphon Codex’s OAuth token in cleartext, OpenAI’s Critical P1 rating of that flaw, and the rapid appearance of Anthropic’s Claude Code source on the public npm registry—show attackers homing in on credentials rather than the underlying models.
Log truncation reportedly hid the bypass, leaving analysts with limited visibility into the exact exploitation path. In response, Anthropic rolled out Claude Code Security in February 2026, and OpenAI announced a parallel code‑security initiative in March. Whether these programs will effectively mitigate credential leakage remains unclear, as the root cause appears tied to development‑pipeline practices rather than model architecture.
Auditing AI‑generated code for security flaws is now a recommended step, but the broader impact on developer trust and supply‑chain safety is still being assessed. The focus, for now, is on tightening access controls and monitoring for similar token‑theft vectors.