Claude Code Security: What Every Developer Gets Wrong
Last month, a developer cloned a GitHub repo and opened it in Claude Code. Before they even clicked "Accept" on the trust dialog, code from that repo had already executed on their machine. That's CVE-2025-59536, rated CVSS 8.7. The developer didn't do anything unusual. They just opened a folder. If that doesn't make you rethink how you use AI coding agents, I'm not sure what will. I've been using Claude Code daily for over six months now — building backend services. FastAPI, DynamoDB, MQTT pi...