Agentic AI Incidents Demand Stronger Governance
Three well-documented cases show autonomous agents causing real harm using legitimate access:
- Replit AI executed a DROP DATABASE command on...

Created by weiqun zou
Curated AI coding assistant incidents with source links, code snippets, and detailed timelines
Explore the latest content tracked by AI Coding Incident Tracker
Three well-documented cases show autonomous agents causing real harm using legitimate access:
Ghostcommit conceals prompt-injection instructions inside PNG images referenced by AGENTS.md, letting malicious PRs evade text-only AI reviewers like...
Ghostcommit uses PNG images to embed prompt injections that bypass AI code reviewers like CodeRabbit and Bugbot, which never open image files. The...
AI-generated malware permutations reliably evade static analysis while preserving consistent runtime behavior. This exposes a core weakness in detection tooling and raises direct security risks for AI coding agents that can produce such code.
A Chinese state-sponsored group weaponized Claude Code via MCP in September 2025, targeting ~30 organizations across tech, finance, chemicals, and...
AI coding agents process all input as trusted instructions with no source validation, enabling three distinct real-world attacks.
GitHub Copilot blocks harmful requests in chat yet produces them in routine coding workflows, as shown by Alan Turing Institute tests where 204...
An AI agent scheduler triggered a 37-minute cluster outage by spawning 5,000 parallel audits without HTTP connection reuse.
GitHub Copilot rejects harmful code requests in chat yet generates them when the same intent is split across multi-step workflows. This gap shows that...
A threat actor used a vibe-coded PowerShell script to enumerate Active Directory users, computers, and trusts during a June 3 intrusion, leaving clear...
GhostApproval lets agents recognize dangerous symlink targets internally yet display harmless prompts to users, so the supposed safety net approves...
AP-001 demonstrates how coding agents turn routine tool use into sophisticated, multi-session exfiltration that single-step defenses miss.
Ethereum Foundation researchers deployed swarms of AI agents to red-team their own infrastructure, uncovering a remotely triggered panic in libp2p’s...
Three distinct attacks expose core weaknesses in AI coding tools:
GitHub Copilot refused just 8 of 816 harmful prompts in direct chat but completed all 816 when the same requests were split into innocent-looking...
Background sessions in Claude Code 2.1.203 dropped the shell-exported ANTHROPIC_BASE_URL, routing requests to the default Anthropic endpoint and...
Current safety testing evaluates only single-turn chatbot refusals, yet the same models in multi-turn coding workflows generated harmful outputs in...