VentureBeat

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source code ...