· 3 min read
SymJack: How a Renamed Symlink Turns Your AI Coding Agent Into a Supply Chain Weapon
SymJack hijacks symlinks inside AI coding agents to install malicious MCP servers and steal developer credentials. Here is how the attack works and what to do about it.