Lies-in-the-Loop Enables Remote Code Execution Via Safety Dialogs
Cyber Security News reported December 22, 2025 that a newly discovered attack called Lies-in-the-Loop manipulates approval dialogs in AI code assistants to perform remote code execution. The technique targets Human-in-the-Loop safety controls and weaponizes built-in approval prompts. Security teams should treat dialogs as untrusted inputs and implement additional verification and safeguards to block misuse.
Key Points
- 1Exploits: Lies-in-the-Loop manipulates approval dialogs in AI code assistants to trigger unintended executions.
- 2Significance: Attack weaponizes built-in safety and Human-in-the-Loop controls, undermining explicit permission mechanisms.
- 3Implication: Practitioners must redesign approval flows, add verification, and treat dialogs as untrusted inputs.
Scoring Rationale
High novelty and broad impact across code assistants, but limited confirmation from multiple sources reduces immediate certainty.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems


