Decades-Old Bash Tricks Expose AI Coding Agents To Supply Chain Attacks
3 26Slashdot reader wiredmikey writes: AI security researchers have uncovered a structural security flaw dubbed GuardFall that allows decades-old Bash shell tricks to bypass safeguards in most open source AI coding agents. By exploiting shell behaviors such as quote removal and variable expansion, attackers can hide malicious commands in repositories, README files, Makefiles, or other content consumed by AI agents. If executed — particularly in auto-approve or CI environments—the commands can steal credentials, compromise developer systems, or enable software supply chain attacks. According to researchers at Adversa AI, the 11 popular open source AI coding agents tested, only one successfully blocked all of the Bash trick techniques.
3 comments
Re:cat food (Score: 5, Informative)
by commodore73 ( 967172 ) on Saturday July 04, 2026 @12:00PM (#66222270)
"That command is a classic example of a fork bomb.
:(): This defines a function named :.
... }: This defines the body of the function.
:|:: This calls the function : and pipes its output to another instance of the function :.
;: This terminates the function definition.
:: This final character executes the function for the first time, triggering the cycle.
What it does
When executed in a POSIX-compliant shell (like Bash), this command causes the system to rapidly consume all available resources by creating an exponential number of processes until the system crashes or becomes completely unresponsive.
Breakdown of the syntax
Here is how that cryptic string is interpreted by the shell:
{
&: This puts the function call into the background, so the parent process doesn't wait for it to finish.
Essentially, the function calls itself twice, and because it runs in the background, each call continues to spawn more copies of itself uncontrollably.
Important Warning
Do not run this command on your computer.
If you execute this, your system will likely become unresponsive, requiring a hard reboot to clear the process table and recover. On many modern Linux distributions, there are default security limits (ulimit) in place that prevent a single user from spawning enough processes to crash the entire system, but it is still highly inadvisable to test it."
Attitude (Score: 5, Insightful)
by glum64 ( 8102266 ) on Saturday July 04, 2026 @11:48AM (#66222252)
In my exerience, the share of programmers that (a) understand that shell is a programming language and not some weird command prompt, and (b) take the time and invest the effort required to learn it properly is surprisingly small.
What ???? (Score: 5, Insightful)
by jmccue ( 834797 ) on Saturday July 04, 2026 @04:08PM (#66222468)
1989 GNU rewrite of the original Linux Bourne Shell
After reading this line at the start of the article, I stopped reading. For people with their heads in the sand, Linux did not exist in 1989, inconceivable.