Darren Meyer, Security Research Advocate at Checkmarx, is sharing their work on "Bypassing AI Agent Defenses with Lies-in-the-Loop." Checkmarx Zero researchers introduce “lies-in-the-loop,” a new attack technique that bypasses human‑in‑the‑loop AI safety controls by deceiving users into approving dangerous actions that appear benign.

Using examples with AI code assistants like Claude Code, the research shows how prompt injection and manipulated context can trick both the agent and the human reviewer into enabling remote code execution. The findings highlight a growing risk as AI agents become more common in developer workflows, underscoring the limits of human oversight as a standalone security control.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices