Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Bash (Bourne Again SHell), the 1989 GNU rewrite of the original Linux Bourne Shell, can still cause problems more than three decades later through long-standing shell tricks. Adversa AI has discovered a structural security flaw in multiple open source AI agents. It is not a specific bug but a process by which malicious Bash instructions are ingested into the agent and from there flow into whatever the agent does, typically with the operator’s approval. Adversa calls this structural issue GuardFall.

“We tested eleven popular open source agents, including Hermes, OpenCode, Roo-code, and others,” explains Omer Ben Simon, lead researcher at Adversa AI. “Ten leave the gap open in one of four ways; and only one closes it.”

The ‘gap’ is a failure to guard the agent against decades-old Bash shell tricks, such as quote removal and $IFS spacing. Since these agents run with a developer’s full account authority, this can spread into a major supply chain risk.
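To show why quote removal and $IFS spacing defeat a guard that only reads the raw command text, here is an added example (not code from Adversa AI or from any of the tested agents) comparing a naive word-match guard with one that normalises the command first. The denylist, function names and sample commands are hypothetical and constructed for this illustration.

```python
import os
import shlex

# Hypothetical policy for this example: programs the agent may not run unprompted.
DENYLIST = {"curl", "rm"}
# Characters that let bash rewrite a command after the guard has read it
# (expansion, substitution, chaining, globbing). Conservative: rejected anywhere.
EXPANSION_CHARS = set("$`\\;|&<>(){}*?[]~!\n")

def naive_guard(command: str) -> bool:
    """Allow unless a denied name appears as a whitespace-separated word."""
    return not any(word in DENYLIST for word in command.split())

def hardened_guard(command: str) -> bool:
    """Allow only if the command is still safe after shell-style normalisation."""
    if EXPANSION_CHARS & set(command):
        return False          # e.g. ${IFS}: bash would change the word boundaries
    try:
        argv = shlex.split(command)   # POSIX quote removal: c""url -> curl
    except ValueError:
        return False          # unbalanced quotes: cannot be judged
    if not argv:
        return False
    return not any(os.path.basename(arg) in DENYLIST for arg in argv)

# Constructed sample commands, not taken from the Adversa AI report.
SAMPLES = [
    "git status",
    "curl http://example.invalid/a",
    'c""url http://example.invalid/a',
    "curl${IFS}http://example.invalid/a",
    'echo "unterminated',
]

def evaluate(samples=SAMPLES):
    """Return (command, naive_allows, hardened_allows) for each sample."""
    return [(c, naive_guard(c), hardened_guard(c)) for c in samples]

if __name__ == "__main__":
    for cmd, naive, hard in evaluate():
        print(f"{cmd!r:45} naive={naive!s:5} hardened={hard}")
```

The hardened guard is deliberately conservative: it refuses any command whose final form it cannot determine statically, which suits an agent that can fall back to asking the operator.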

Full report: Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.