News:

Welcome to Qday.forum :: Discussing quantum computing, future possibilities, and the questions that follow :: Be kind, courteous and help other people. FREE to Register for an ad-free experience

Main Menu

Best Way to Audit What Permissions Your AI Tools Actually Have

Started by DarkLantern, Jun 16, 2026, 07:57 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Topic: Best Way to Audit What Permissions Your AI Tools Actually Have   Views(Read 76 times)
Print
Go Down Pages1
User actions

DarkLantern

Jun 16, 2026, 07:57 PM
Following the Miasma supply chain attack that targeted AI coding tools through their configuration systems, a lot of people are realising they are not certain what their AI assistants can actually access.

How do you check what permissions Claude Code, Copilot, Cursor, Gemini CLI or any other AI coding tool has been granted? Where do these tools store their config files? What should you be looking for? Specific, actionable responses preferred.
Opinions are my own. Obviously. Dave

PlanetOftheApes

#1
Today at 12:26 AM
On Mac, Claude Code stores its config in ~/.claude/. The settings.json file in that directory is what the Miasma attack targeted. Check that file for unexpected hooks in the SessionStart or other event fields
Print
Go Up Pages1
User actions