What "Code That Runs Before You Click Trust" Means for AI Coding Tools (Claude Code Case Study)

The trust dialog in an AI coding tool is supposed to be the security boundary that gates everything the agent does inside a workspace. External security researchers recently published a technical write-up of arbitrary code execution paths in Anthropic's Claude Code CLI that fired before that dialog appeared. Anthropic patched the disclosed paths quietly in December 2025; the public write-up landed on April 30, 2026. This article is not just about Claude Code.