Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.
Recent vulnerabilities in AI coding agents, including Codex, Claude Code, Copilot, and Vertex AI, have exposed critical security flaws that allow attackers to exploit runtime credentials without human oversight. These breaches highlight a significant governance gap in enterprise AI security, as existing IAM frameworks fail to adequately manage and monitor AI agent identities and their permissions.
The key insight for you is the critical importance of managing AI agent credentials and permissions with the same rigor as human identities. As highlighted by multiple breaches in Codex, Claude Code, Copilot, and Vertex AI, these AI agents often operate with extensive privileges that make them vulnerable to exploitation. Implementing a robust identity governance framework for AI agents, including credential rotation, least-privilege scoping, and comprehensive auditing, is essential to mitigate risks associated with runtime credential exposure and unauthorized access.