Claude Code CLAUDE.md SQL Injection Attack — LayerX 'Vibe Hacking' Research
Security researchers at LayerX have published findings that should give every Claude Code user pause: a carefully crafted CLAUDE.md file can turn the agentic coding assistant into what they describe as a “nation-state-level attack tool” — capable of executing SQL injection attacks, stealing credentials, and bypassing safeguards during normal coding sessions. No actual coding required on the attacker’s part. Just a malicious markdown file. What Is “Vibe Hacking”? LayerX coined the term vibe hacking to describe a class of attacks where malicious instructions are embedded in the ambient configuration context of an AI coding agent, rather than in explicit code or prompts. The “vibe” in question is the agent’s operating context — its instructions, its persona, its assumed goals. ...