Claude Code · Anthropic · Microsoft · AI Agent · Claude · GitHub · Decrypt
Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Confirms Microsoft
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
★ Tier-1 Source
Microsoft researchers disclosed a now-patched vulnerability in Anthropic's Claude Code GitHub Action that could have allowed attackers to expose credentials stored in software development pipelines by manipulating the AI agent through malicious GitHub content.
Key facts
- Anthropic patched the flaw on May 5 with Claude Code version 2.1.128 after Microsoft disclosed the vulnerability through HackerOne on April 29
- Launched in October, Claude Code is Anthropic's AI coding agent for software development tasks
- Microsoft warned that AI coding agents running inside CI/CD workflows may create new security risks because those environments often have access to API keys, cloud credentials, and other sensitive
- Microsoft researchers disclosed a now-patched vulnerability in Anthropic's Claude Code GitHub Action that could have allowed attackers to expose credentials stored in software development pipelines
Summary
Microsoft researchers found that Anthropic's Claude Code GitHub Action could be manipulated through prompt injection attacks. The attack relied on malicious instructions hidden in GitHub issues, pull requests, or comments that the AI agent was asked to review. Anthropic patched the vulnerability in May after Microsoft disclosed the issue through HackerOne. Microsoft warned that AI coding agents running inside CI/CD workflows may create new security risks because those environments often have access to API keys, cloud credentials, and other sensitive information.