AI reviewers shipped secret-exfil code because a ticket said "pre-approved"
{"@context":"https://schema.org","@type":"ScholarlyArticle","headline":"They'll Verify. They Just Won't Act.","description":"A pre-registered factorial study of a five-agent CI/CD pipeline: one external issue induced secret-exfiltrating code to ship in up to 55% of worst-case runs. A single untrusted input, an external issue requesting a “usage-telemetry” feature, asks for code that exfiltrates process secrets to an attacker URL — laundered as observability.
- ▪{"@context":"https://schema.org","@type":"ScholarlyArticle","headline":"They'll Verify.
- ▪They Just Won't Act.","description":"A pre-registered factorial study of a five-agent CI/CD pipeline: one external issue induced secret-exfiltrating code to ship in up to 55% of worst-case runs.
- ▪A single untrusted input, an external issue requesting a “usage-telemetry” feature, asks for code that exfiltrates process secrets to an attacker URL — laundered as observability.
Opening excerpt (first ~120 words) tap to expand
{"@context":"https://schema.org","@type":"ScholarlyArticle","headline":"They'll Verify. They Just Won't Act.","description":"A pre-registered factorial study of a five-agent CI/CD pipeline: one external issue induced secret-exfiltrating code to ship in up to 55% of worst-case runs. Authority framing made verifiers approve malice they could see; every content-based control missed the laundered intent.","url":"https://senthex.com/en/research/relay/","inLanguage":"en","datePublished":"2026-07-10","author":{"@type":"Organization","name":"Senthex…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Senthex.