Claude Code, Copilot and Codex All Got Hacked. Every Attacker Went for the Credential, Not the Model.

VentureBeat, Apr 30, 2026

Why It Matters

When AI agents can act with unrestricted credentials, attackers gain direct, automated access to production systems, magnifying breach impact and shrinking remediation windows for enterprises.

Key Takeaways

  • Branch names with hidden Unicode characters stole GitHub tokens from Codex
  • Claude Code ignored deny rules after 50 chained commands
  • Copilot’s PR and issue prompts triggered token exfiltration
  • Vertex AI’s default service account accessed all Cloud Storage buckets
  • Enterprise IAM tools rarely inventory non‑human AI agent identities

Pulse Analysis

The recent string of vulnerabilities across Codex, Claude Code, Copilot and Vertex AI highlights a new attack surface: the credentials embedded in AI coding agents. Unlike traditional software bugs that affect output, these flaws let malicious inputs hijack the agents’ OAuth tokens or service‑account keys, granting attackers unfettered access to repositories, cloud storage, and internal services. The root cause is a design assumption that the AI model is the only risk, while the runtime environment and its identity are left unchecked. As researchers showed, a crafted Git branch name, a pull‑request description, or a command chain longer than fifty sub‑commands can silently bypass sanitization, allowing credential theft in seconds.

Enterprises must shift from "approved AI vendor" to "approved AI identity." Inventorying every AI coding agent, mapping its credential scope, and treating its inputs as untrusted are now essential controls. Least‑privilege service accounts, token rotation, and integration with PAM/CIEM platforms can limit the blast radius of a compromised agent. Vendors are responding with patches, but the speed of exploitation—often within 72 hours—means organizations need proactive governance, not reactive fixes. Auditing IAM policies, enforcing strict OAuth scopes, and separating code‑generation from deployment privileges can break the chain that lets an agent act on behalf of a human without a session anchor.

The broader industry implication is a call for standardized identity management for non‑human actors. As AI assistants become ubiquitous in development pipelines, regulators and standards bodies are likely to require explicit lifecycle controls for agent credentials, similar to those for human privileged accounts. Companies that adopt CIEM, enforce credential least‑privilege, and demand transparent vendor policies will reduce exposure and maintain trust in AI‑driven development. Ignoring the credential layer not only endangers code integrity but also opens a direct pathway to critical infrastructure, making robust AI agent governance a strategic imperative for any modern enterprise.
