Not My Vibe: When AI Coding Agents Go Off the Rails
Aonan Guan, Zhengyu Liu
BSidesSF 2026 · Day 1 · AMC Theatre 14
As AI coding agents rapidly become indispensable tools for developers, the talk "Not My Vibe: When AI Coding Agents Go Off the Rails" by Aonan Guan and Zhengyu Liu (with contributions from Gavin, an independent researcher) took a sobering look at the security vulnerabilities inherent in these increasingly autonomous systems. The speakers, all deeply involved in AI security research, shared findings from their systematic study of CLI-based agents such as Google Gemini CLI and Cloud Code, which revealed a landscape rife with bypasses and design flaws.
AI review
Solid empirical security research on a target that genuinely matters right now — CLI-based AI coding agents — with real CVEs, real bounties, and a systematic version-by-version methodology that shows the authors actually did the work. The shell parsing evolution story alone (regex → Tree-sitter → still broken) is a convincing argument that this attack class is structurally hard, not just poorly patched.