Y
Hacker News
new
|
ask
|
show
|
jobs
by
zingababba
303 days ago
Apparently they were using --dangerously-skip-permissions, --yolo, --trust-all-tools etc. The Wiz post has some more details -
https://www.wiz.io/blog/s1ngularity-supply-chain-attack
1 comments
CER10TY
303 days ago
That's a good catch. I knew these flags existed, but I figured they'd require at least a human in the loop to verify, similar to how Claude Code currently asks for permission to run code in the current directory.
link