Approve Once, Exploit Forever: The Trust Persistence Vulnerability Vendors Will Not Fix

📰 Dev.to · Toni Antunovic

Claude Code, Codex CLI, and Gemini-CLI share a TOCTOU trust model that lets a single malicious commit permanently own every future agent session. All three vendors closed the report as informational. Here is what your team can do instead.

Published 12 May 2026
Read full article → ← Back to Reads