‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems

https://www.securityweek.com/wp-content/uploads/2023/01/Cybersecurity_News-SecurityWeek.jpg

Trust and automation are key to many attacks; and trust with automation is inherent in the use of AI coding agents.

Malicious repositories are a frequent factor in many supply chain attacks, estimated at between 20% and 40%. Such repositories can be used to fool a developer using an AI coding agent into generating bad code that can silently slip into the CI pipeline. That is just one possibility of the SymJack attack described by Adversa AI.

The attack requires three elements: attacker control of the coding agent repo, a ready-made malicious MCP server, and a developer’s use of an AI coding tool.

Adversa has named the attack SymJack, because it hijacks a symlink within the code development process, renames it to something that looks innocuous but redirects to the malicious MCP, and builds the attacker’s instruction into the finished code.

The attack chain starts with an attacker’s control of...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more