Link preview
Spoofed Git Identity Fools AI Code Reviewer | Manifold - Manifold Security
Two git config commands are enough to impersonate a trusted developer and trick AI code review agents into approving malicious pull requests. Vertical blog.rduffy.uk · manifold.security
Every AI coding agent signs its commits with a forgeable plain-text line. I gave each of mine a non-exportable key in the Mac's Secure Enclave, hook-enforced, with a verifier that flags forgery — here's the build.
Comments