7 Top AI Agents Tricked by Malicious Code
TL;DR: AI agents are not magic; they fall for the same social engineering that tricks humans. We reverse-engineered seven popular coding and security AI agents and found they can be poisoned through YAML, natural language prompts, and even embedded invisible characters. Evasion techniques include zero-width joiner obfuscation , prompt injection , dependency confusion , and silent deserialization payloads . Defensive snippets and detection rules follow. Mitigation starts with treating AI agent output as untrusted and hard‑coding policy at the scanner layer. Cracking open a pipeline and watching a supposed guardrail AI agent run an attacker’s code is a sobering moment. I’ve seen it happen inside a locked‑down Kubernetes namespace where the only moving parts were the SAST scanner, a secrets‑detection engine, and the code itself. The agent wasn’t stupid – it was just too helpful . That’s the vulnerability. We’ll walk through exactly how seven top AI agents can be tricked i...