TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Security researchers at Manifold Security demonstrated that Anthropic's Claude can be tricked into approving malicious code by spoofing a trusted developer's Git identity using just two Git commands. By forging commit author metadata, the team made hostile changes appear to originate from a known maintainer, causing the AI-powered code reviewer to auto-approve them. The vulnerability isn't in Git itself — commit metadata has always been easy to fake — but in AI reviewers that treat author identity as a trust signal rather than independently evaluating the code. Manifold warns that open source projects increasingly relying on AI-powered PR review are exposed to supply chain attacks via this vector, and that guardrails must exist outside the model itself.

Git identity spoof fools Claude into giving bad code the nod