One Command Turns Any Repo Into AI Backdoor

In March, researchers at the University of Hong Kong launched CLI-Anything, a tool that generates structured command-line interfaces that let AI coding agents operate any open-source repository with a single command. It has amassed over 30,000 GitHub stars and supports major platforms including Claude Code, Codex, and GitHub Copilot CLI. However, the same mechanism that enables agent-native software also creates a new attack surface. The tool generates SKILL.md files, the same kind of instruction-layer artifact previously found laced with 76 confirmed malicious payloads. Security researchers warn that no existing supply-chain scanner has a detection category for this type of threat.