AI coding agents like Claude Code can be fooled into running malware through GitHub repositories that look perfectly clean, according to Tom's Hardware, which reported on a demonstration by Mozilla's 0din team.
The trick is unsettling in its simplicity. Tom's Hardware reports that an attacker only needs a minimal GitHub repository. When a user asks an AI agent to do something routine — like initializing the project — the agent can be manipulated into executing malicious code. In the outlet's framing, the bot gets "hacked" through nothing more than a request to set things up.
What makes the attack notable is its mechanism. According to Tom's Hardware, Claude Code can be "exploited by its own helpfulness." In other words, the very behavior that makes these agents useful — eagerly reading project files and carrying out setup tasks on a user's behalf — is what attackers turn against them. The repository itself appears harmless, so the usual warning signs a developer might look for are absent.
The report frames this as a problem affecting Claude and "other AI agents" broadly, not a single product, suggesting the weakness lies in how these assistants are designed to act autonomously rather than in one company's implementation.
Why it matters: AI coding agents are being adopted quickly by developers who trust them to run commands and handle project files, and this demonstration shows that everyday trust can be quietly weaponized — turning a helpful assistant into an unwitting delivery system for malware.