
AI code reviewer fooled by spoofed developer identity


As reported by The Register, security researchers have demonstrated a weakness in AI-powered code review workflows built on Anthropic's Claude: the model can be tricked into approving malicious code because the workflow treats the developer identity recorded in Git commit metadata as a trustworthy signal.

Manifold Security showed how an AI code reviewer built on Claude accepted malicious code changes after a trusted developer's identity was spoofed. By setting the author name and email on a Git commit, values that any committer can choose freely, the team made the commit appear to come from a legitimate source. The spoofed commit was then fed through an automated review process, where the model approved the changes without independently verifying either the integrity of the code or the authenticity of the claimed identity. This is not a flaw in Git itself; Git has never treated the author field as authenticated. The flaw lies in the trust that AI review systems place in easily faked commit metadata. In the test, the workflow was configured to auto-approve requests from "recognized industry legends," highlighting how implicit trust rules can be exploited.

While automating reviews for popular open-source projects can alleviate maintainer workload, relying solely on author identity as a trust signal is insufficient. Unlike human reviewers who might question unusual changes, AI models can be consistently fooled by spoofed credentials, according to Manifold. This creates a pathway for threat actors to inject malicious code into repositories, bypassing security controls.
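The spoof itself is a one-liner (`git -c user.name="Trusted Maintainer" -c user.email="maintainer@example.org" commit ...`), so the practical question for anyone wiring a model into review is what the gate should check instead of the author header. The following is an added example, not code from Manifold Security's test or from any reviewer product: a trust gate that only lets an allowlisted author count as a trust signal when the commit carries a good signature from the key bound to that author, as reported by `git log`'s `%G?`/`%GS`/`%GK` placeholders. The `TRUSTED_SIGNERS` allowlist, the key fingerprints and the three commits in `SAMPLE_LOG` are constructed for illustration.

```python
"""
Trust gate for an automated code reviewer: an author identity is accepted as a
trust signal only when backed by a verified commit signature from the key that
the allowlist binds to that author. Added example, not any vendor's product.
"""
import subprocess
from dataclasses import dataclass

# Format for `git log`: hash | author name | author email |
# signature status (%G?) | signer identity (%GS) | signing key id (%GK).
# %G? values: G = good signature, B = bad, U = good but key not trusted,
# X/Y/R = expired or revoked variants, E = cannot be checked, N = unsigned.
LOG_FORMAT = "%H|%an|%ae|%G?|%GS|%GK"

# Hypothetical allowlist (constructed): author email -> key id that may vouch
# for that author. In a real deployment this lives in the reviewer's config.
TRUSTED_SIGNERS = {
    "maintainer@example.org": "ABCDEF0123456789",
}


@dataclass
class Commit:
    sha: str
    author_name: str
    author_email: str
    sig_status: str
    signer: str
    key_id: str


def parse_log(text: str) -> list[Commit]:
    """Parse lines produced by `git log --format=LOG_FORMAT`."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 5)
        if len(parts) != 6:
            raise ValueError(f"unexpected git log line: {line!r}")
        commits.append(Commit(*parts))
    return commits


def trust_decision(c: Commit) -> tuple[str, str]:
    """Return ("auto_approve" | "full_review", reason) for one commit."""
    expected_key = TRUSTED_SIGNERS.get(c.author_email.lower())
    if expected_key is None:
        return "full_review", "author not on allowlist"
    # The author header is free text chosen by whoever ran `git commit`.
    # Only a good signature ("G", which also requires the key to be trusted
    # in the reviewer's keyring) from the expected key proves the identity.
    if c.sig_status != "G":
        return "full_review", f"author on allowlist but signature status is {c.sig_status!r}"
    if c.key_id.upper() != expected_key:
        return "full_review", f"signed by unexpected key {c.key_id or '<none>'}"
    return "auto_approve", "verified signature from allowlisted key"


def git_log_commits(rev_range: str = "HEAD~10..HEAD", repo: str = ".") -> list[Commit]:
    """Fetch real commits from a repository (not used by the sample run)."""
    out = subprocess.run(
        ["git", "-C", repo, "log", f"--format={LOG_FORMAT}", rev_range],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_log(out)


# Constructed sample of what `git log --format=LOG_FORMAT` would print:
# 1) genuine signed commit, 2) spoofed author with no signature,
# 3) spoofed author signed by the attacker's own key.
SAMPLE_LOG = """\
1111111111111111111111111111111111111111|Trusted Maintainer|maintainer@example.org|G|Trusted Maintainer <maintainer@example.org>|ABCDEF0123456789
2222222222222222222222222222222222222222|Trusted Maintainer|maintainer@example.org|N||
3333333333333333333333333333333333333333|Trusted Maintainer|maintainer@example.org|G|Attacker <x@example.net>|0000000000BADBAD
"""


def review_sample() -> dict[str, str]:
    """Decision per commit (short sha -> decision) for the constructed log."""
    return {c.sha[:7]: trust_decision(c)[0] for c in parse_log(SAMPLE_LOG)}


if __name__ == "__main__":
    for c in parse_log(SAMPLE_LOG):
        decision, reason = trust_decision(c)
        print(f"{c.sha[:7]} {c.author_email:<24} {decision:<13} {reason}")
```

Only the first commit is auto-approved; the two spoofed commits are routed to full review even though their author headers are identical to the genuine one. Note that `%G?` returns "U" rather than "G" when the signing key is valid but not trusted in the reviewer's keyring, so the allowlisted keys must be imported and trusted on the host that runs the gate; otherwise everything falls through to full review, which is the safe failure mode.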

Source: The Register
