Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft
Researchers found prompt-injection vectors that let AI coding agents retrieve credentials from development pipelines and repositories. In crypto, leaked API keys or deploy secrets could enable exchange account takeovers, malicious contract deployments or oracle manipulation, likely prompting audits and tighter access controls.
Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software development pipelines.
Why it matters
Exposed pipeline secrets directly increase the operational attack surface for exchanges, custodians and DeFi teams, which raises short-term risk sentiment and encourages security reviews that can slow deployments.
What could go wrong
Widespread market impact is limited unless active exploits emerge; many teams can mitigate by rotating secrets and applying patches, so the story may remain a developer/security headache rather than a market mover.