One keypress is all it takes to compromise four AI coding tools (www.helpnetsecurity.com)

Research from Adversa AI unveils significant security vulnerabilities in four popular AI coding tools—Claude Code, Gemini CLI, Cursor CLI, and GitHub’s Copilot CLI—highlighting how a single keystroke can enable malicious code execution. These tools interact with project configuration files using a feature called Model Context Protocol (MCP). When a developer opens a project and hits Enter on the default “yes” prompt, they unknowingly grant permission for potentially harmful helper programs defined in those files to run, jeopardizing their machine and sensitive data like SSH keys and cloud credentials. The implications for the AI/ML community are profound, raising concerns about trust and safety in coding environments increasingly reliant on AI assistance. The research stresses that while organizations can implement enhanced security measures through managed settings that restrict auto-approval of MCP commands, these options are rarely utilized. Anthropic, the creator of Claude Code, maintains that the consent process functions as intended, yet the dialog's lack of clarity around MCP risks presents a real challenge for developers, many of whom may not fully understand the ramifications of their trust decisions.