Critical security holes found in Claude Code
Researchers at Check Point found big security holes in Claude Code, Anthropic's AI assistant for programmers.
Hackers could use these flaws to run code remotely and swipe API keys—just by getting someone to open a sketchy project.
The attack doesn't even need you to click anything; it can trigger as soon as you open the wrong file.
One wrong move could lead to a lot of risks
If someone opens a malicious project, hackers could mess with or steal cloud data, or even delete stuff—especially if they get hold of an API key in shared workspaces.
Basically, one bad move could put a lot at risk.
Claude Code's developers have fixed the issue
Check Point flagged the issue and Anthropic jumped on it fast.
They added new trust dialogs that make sure nothing runs or connects without your okay.
Both teams worked together to fix everything before going public—so users should be safer now.