Definition
A trick where an attacker places a file that looks like a normal file but is actually a hidden pointer ('symlink') to a sensitive location, such as system credentials. When an AI agent or tool follows that pointer without checking, it ends up reading or writing somewhere it was never supposed to access.
Why it matters
This technique was recently shown to bypass the 'human approval' step that several major AI coding assistants rely on as their core safety promise, meaning the approval a human sees isn't always the action that actually happens.