A new report from Phantom Labs reveals a critical vulnerability in OpenAI's Codex, a coding assistant within ChatGPT. This flaw could enable attackers to steal GitHub OAuth tokens through command injection during branch name processing. Access to tokens could lead to broader GitHub compromises in enterprise settings. Researchers confirmed the issue extended to Codex's CLI and SDKs. Thankfully, OpenAI swiftly addressed the vulnerability with enhanced safeguards.

Phantom Labs warns that AI coding environments need rigorous security measures as they become more deeply integrated into developer workflows.
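The report's summary does not say how Codex handled branch names internally, so the following is an added defensive example, not code from OpenAI or Phantom Labs. It shows the general mitigation for command injection through a branch name: validate the name against a strict allowlist and pass it to git as a separate argv element, never through a shell. The function names, the `origin` remote and the allowlist (deliberately stricter than git's own ref-name rules) are assumptions.

```python
import re
import subprocess

# Allowlist: must start with a letter or digit, then letters, digits, . _ / -
# Shell metacharacters ($ ` ; | & quotes, whitespace) can never match, and a
# leading "-" is refused so the name cannot be parsed as a git option.
_ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")


def is_safe_branch_name(name):
    """True only for names passing the allowlist and a subset of git's ref rules."""
    if not isinstance(name, str) or not _ALLOWED.fullmatch(name):
        return False
    if ".." in name or "//" in name or name.endswith(("/", ".")):
        return False
    # No path component may start with "." or end with ".lock".
    return not any(p.startswith(".") or p.endswith(".lock")
                   for p in name.split("/"))


def fetch_argv(branch):
    """Build the argv list for fetching one branch; raise on unsafe input."""
    if not is_safe_branch_name(branch):
        raise ValueError(f"rejected branch name: {branch!r}")
    # Fully qualified ref, one argv element: nothing here is parsed by a shell.
    return ["git", "fetch", "origin", f"refs/heads/{branch}"]


def fetch_branch(branch, repo_dir):
    """Run the fetch without a shell (shell=False is the default for a list)."""
    return subprocess.run(fetch_argv(branch), cwd=repo_dir, check=True,
                          capture_output=True, text=True, timeout=120)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the report.
    samples = ["main", "feature/login-fix", "main; echo INJECTED",
               "--upload-pack=x", "a..b", "x/.hidden", "topic.lock"]
    for s in samples:
        print(f"{s!r:28} -> {'accept' if is_safe_branch_name(s) else 'reject'}")
```

The weak pattern this replaces is building one command string that contains the branch name and handing it to a shell, for example through `shell=True`.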