GhostApproval Vuln Exposes Systemic AI Coding Tool Flaw: Symlink Bypass in Human Review
Wiz Research discloses GhostApproval vulnerability affecting six major AI coding tools (Claude Code, Codex, Cursor, Amazon Q, Antigravity). Attackers use symlinks to bypass human review, achieving persistent remote access. The flaw reveals fundamental UI-level security gaps in Human-in-the-Loop mechanisms as agent permissions expand, requiring a redesign of confirmation workflows.