Identity , DevSecOps , AI/ML AI code reviewer fooled by spoofed developer identity April 20, 2026 Share By SC Staff (Adobe Stock) As reported by The Register, security researchers have demonstrated a weakness in AI-powered code review systems, specifically Anthropic's Claude. The AI can be tricked into approving malicious code by exploiting how it processes developer identity within Git. Manifold Security showcased how an AI code reviewer, using Claude, accepted malicious code changes due to spoofing of a trusted developer's identity. By manipulating author name and email in Git, the team made a commit appear to originate from a legitimate source. This fake identity was then passed through an automated review process, where the AI model approved the changes without independent verification of the code's integrity. This is not a flaw in Git itself, but rather in the trust placed on easily faked commit metadata by AI systems. In the test, the workflow was configured to auto-approve requests from "recognized industry legends," highlighting how implicit trust rules can be exploited. While automating reviews for popular open-source projects can alleviate maintainer workload, relying solely on author identity as a trust signal is insufficient. Unlike human reviewers who might question unusual changes, AI models can be consistently fooled by spoofed credentials, according to Manifold. This creates a pathway for threat actors to inject malicious code into repositories, bypassing security controls. Source: The Register SC Staff Related Identity Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control Paul Wagenseil April 20, 2026 Some of the biggest identity risks emerge when employees are hired, depart, or change roles. DevSecOps Vercel incident falls short of a supply chain attack — for now Steve Zurier April 20, 2026 Experts say Vercel case was a trust and authentication boundary failure, but not an attack on the level of SolarWinds. Security Operations Man sentenced for hacking U.S. Supreme Court and government systems SC Staff April 20, 2026 Nicholas Moore has been sentenced to one year of probation for hacking into the U.S. Supreme Court’s electronic document filing system multiple times over several months. Related Events Cybercast IAM for MSSPs: Real-World Deployments Mon May 18 Cybercast Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control On-Demand Event Cybercast The industrialization of identity compromise On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Applet Biometrics Certificate-Based Authentication Client DLL Injection Digest Authentication Digital Certificate Discretionary Access Control (DAC) Dynamic Link Library Fuzzing You can skip this ad in 5 seconds