Git identity spoof fools Claude into giving bad code the nod

"In a blog published this week, Manifold Security showed how an AI-powered code reviewer built on Claude accepted changes that appeared to come from a legitimate maintainer. By setting a fake author name and email in Git, the team made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it."
"The problem arises when that metadata is treated as a signal of trust. In this case, the model appeared to give weight to the author's claimed identity rather than independently assessing whether the change itself was sound."
"The motivation behind such configurations is understandable. Maintainers of popular open source projects are drowning in PRs. Automating review for contributions from known, trusted figures reduces the bottleneck. But it creates an assumption that authorship can be trusted at face value."
"Manifold compares the setup to the recent OpenClaw Cline package compromise, where a poisoned package slipped into a trusted environment and was treated as legitimate long enough to cause damage. In both cases, something that appeared to come from a reliable source was given a level of trust it hadn't earned."
AI-powered code reviewers, like Claude, can be tricked into approving malicious code by faking commit metadata. By altering the author name and email in Git, a commit can appear to come from a trusted source, leading to automatic approval. This issue arises not from Git vulnerabilities but from the reliance on metadata as a trust signal. The automation of reviews for known contributors can create false assumptions about authorship, similar to past incidents where compromised packages were treated as legitimate.
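The difference between trusting claimed authorship and trusting verified authorship, as an added example (not code from Manifold Security or The Register). It assumes the review pipeline has already run Git's signature check and recorded the `%G?` status and `%GF` fingerprint for each commit; the allowlist, the sample commits and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist: maintainer e-mail -> fingerprint of a signing key
# enrolled out of band. Both values are placeholders.
TRUSTED_SIGNERS = {"maintainer@example.org": "A" * 40}

@dataclass(frozen=True)
class Commit:
    sha: str
    author_email: str               # self-declared by whoever made the commit
    sig_status: str                 # git log --format=%G? ("G" good, "N" none, "B" bad, ...)
    sig_fingerprint: Optional[str]  # git log --format=%GF, None when unsigned

def trusted_by_metadata(c: Commit) -> bool:
    """Weak policy: believes the claimed author field."""
    return c.author_email in TRUSTED_SIGNERS

def trusted_by_signature(c: Commit) -> bool:
    """Hardened policy: a good signature from the key enrolled for that author."""
    expected = TRUSTED_SIGNERS.get(c.author_email)
    return expected is not None and c.sig_status == "G" and c.sig_fingerprint == expected

def review_route(commits: list[Commit]) -> str:
    """Fast-track only if every commit in the change is verified."""
    if commits and all(trusted_by_signature(c) for c in commits):
        return "fast-track"
    return "full-review"

def reviewer_context(c: Commit, diff: str) -> dict:
    """Context for the AI reviewer: unverified identity is withheld, so the
    model has only the diff to judge."""
    verified = trusted_by_signature(c)
    return {"diff": diff, "author": c.author_email if verified else None,
            "author_verified": verified}

# Constructed sample commits.
SIGNED = Commit("1111111", "maintainer@example.org", "G", "A" * 40)
CLAIMED = Commit("2222222", "maintainer@example.org", "N", None)
WRONG_KEY = Commit("3333333", "maintainer@example.org", "G", "B" * 40)

if __name__ == "__main__":
    for c in (SIGNED, CLAIMED, WRONG_KEY):
        print(c.sha, trusted_by_metadata(c), trusted_by_signature(c), review_route([c]))
```

All three sample commits pass the metadata check, but only the one signed with the enrolled key passes the signature check.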
Read at The Register