Clawdbot just injected malware into your code ☠️☠️ Worst part? The attack is close to invisible, even to experienced engineers. Clawdbot can implement a code PR, just like claude code to solve issues with your app. But this is where it can plant malware in your codebase. With just a benign GitHub issue with an invisible payload, we managed to install a backdoor malware on your codebase Here's how we did it: 1. The attacker submits a GitHub issue with a jailbreak prompt hidden inside a URL hyperlink. Completely invisible to humans, visible to LLMs 2. Waited for the maintainer to assign this task to Clawdbot 3. Clawdbot reads the jailbreak in the GitHub issue. Now the Clawdbot agent is hijacked by the attacker and will act on the attacker's command. It plants the backdoor in a lock file, which most engineers don't check in code reviews. 4. The malicious URL in the lock file enables execution of attacker commands The takeaway? AI isn't just a tool, but rather a potentially corruptible insider agent that can be tricked to act against you. These LLM hijack problems are what we're looking to solve in
@edison_watch- we'll be announcing a new solution to these solutions soon! We'll be jailbreaking Clawdbot much more in the coming days - please comment👇 a workflow you use with Clawdbot, so we can show how that can enable an attacker to harm you