The newly identified attack class compromises AI coding agents exploiting trust relationships between agents and underlying systems to steal credentials and data.