Claude Code, a coding tool, faces potential poisoning attack risks, according to SlowMist founder Cosine. Attackers could exploit malicious project configuration files to execute arbitrary commands without user consent, potentially stealing API keys, cloud credentials, or controlling local devices. Researchers demonstrated this risk by triggering command execution on Mac systems, highlighting vulnerabilities that could lead to significant security breaches. If successful, such attacks could result in the theft of API keys for AI services like Claude and OpenAI, leading to account fee losses. Additionally, attackers might obtain cloud service credentials for platforms such as AWS, Alibaba Cloud, and Tencent Cloud, allowing unauthorized access to servers and data. The risk extends to tampering with code repositories to implant backdoors and using compromised devices to infiltrate enterprise networks.