Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.
via beyondtrust.com
Short excerpt below. Read at the original source.
On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source code spilled onto the public npm registry, and within hours, Adversa found Claude Code silently ignored its own deny rules once a command exceeded 50 […]