Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Briefly

"All AI IDEs (and coding assistants that integrate with them) effectively ignore the base software (IDE) in their threat model. They treat their features as inherently safe because they've been there for years. However, once you add AI agents that can act autonomously, the same features can be weaponized into data exfiltration and RCE primitives."
"Bypass a large language model's (LLM) guardrails to hijack the context and perform the attacker's bidding (aka prompt injection).
Perform certain actions without requiring any user interaction via an AI agent's auto-approved tool calls.
Trigger an IDE's legitimate features that allow an attacker to break out of the security boundary to leak sensitive data or execute arbitrary commands."
"I think the fact that multiple universal attack chains affected each and every AI IDE tested is the most surprising finding of this research."
More than 30 security vulnerabilities affect multiple AI-powered Integrated Development Environments (IDEs) and extensions, 24 of which have been assigned CVE identifiers. The attacks chain three vectors: bypassing large language model guardrails via prompt injection, executing actions without user interaction through auto-approved agent tool calls, and leveraging legitimate IDE features to break out of the security boundary. Chained together, these vectors let attackers exfiltrate sensitive data and achieve remote code execution by weaponizing longstanding IDE features once autonomous AI agents are added. Multiple popular IDEs and extensions are affected, and universal attack chains were observed across all AI IDEs tested.
Read at The Hacker News