Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
zingababba
10mo ago
0 comments
Save
Share
Apparently they were using --dangerously-skip-permissions, --yolo, --trust-all-tools etc. The Wiz post has some more details -
https://www.wiz.io/blog/s1ngularity-supply-chain-attack
0 comments
1 comments · 1 top-level
top
newest
oldest
CER10TY
10mo ago
That's a good catch. I knew these flags existed, but I figured they'd require at least a human in the loop to verify, similar to how Claude Code currently asks for permission to run code in the current directory.
j
/
k
navigate · click thread line to collapse
