The Race to Ship AI Tools Left Security Behind: Sandbox Escape

Research identified a recurring sandbox trust-boundary failure in AI coding tools from Anthropic, Google, and OpenAI. Anthropic addressed the issue and assigned CVE-2026-25725, while Google did not release a fix by disclosure. OpenAI classified the report as informational and did not resolve the underlying architectural flaw.