Wiz finds 'GhostApproval' symlink flaw across six AI coding assistants
Wiz discloses GhostApproval, a trust-boundary flaw in six AI coding assistants that lets a malicious repo write outside the sandbox via symlinks. AWS, Cursor, Google patched; Anthropic, Augment, Windsurf have not.