託管於 MSN

Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's ...
Visual Studio Magazine

Prompt Engineering? See VS Code Team's System Prompts for Copilot Chat, Now Open Source

"Now that the code is open source, what does it mean for you? Explore the codebase and learn how agent mode is implemented, what context is sent to LLMs, and how we engineer our prompts. Everything, ...
Bleeping Computer

Amazon AI coding agent hacked to inject data wiping commands

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. Amazon Q is a free extension that uses generative AI to ...
CSOonline

Hackers can slip ghost commands into the Amazon Q Developer VS Code Extension

The Amazon Q Developer VS Code Extension is reportedly vulnerable to stealthy prompt injection attacks using invisible Unicode Tag characters. According to the author of the “Embrace The Red” blog, ...