
"Orchids is a so-called "vibe-coding" tool, meaning people without technical skills can use it to build apps and games by typing a text prompt into a chatbot. Such platforms have exploded in popularity in recent months, and are often heralded as an early example of how various professional services could be done quickly and cheaply by AI."
"I downloaded the Orchids desktop app to my spare laptop, which I use for experiments, and started a vibe-coding project as a test. I asked Orchids to help me build the code for a computer game based on the BBC News website. Automatically, the AI assistant began compiling code on the screen that, without any experience, I couldn't understand. Exploiting a cyber-security weakness (which we are not disclosing), Mohsin was able to gain access to my project, and view and edit any of the code."
"He then added a small line of code somewhere in the thousands of lines of letters, numbers and symbols into my project, unbeknown to me. It appears this allowed him to gain access to my computer - because shortly afterwards, a notepad file called "Joe is hacked" appeared on the desktop, and the wallpaper was changed to an image of an AI hacker. The implications of the hac"
Orchids is a 'vibe-coding' AI tool that enables non-technical users to build apps and games by prompting a chatbot. The company claims a million users and customers including Google, Uber, and Amazon, and receives high ratings for some vibe-coding features. Cyber-security researcher Etizaz Mohsin demonstrated an unpatched vulnerability in the Orchids desktop app that allowed access to user projects and editing of code. Mohsin inserted a small line of code that appeared to grant access to the tester's computer, creating a desktop file and changing the wallpaper. The company did not respond to requests for comment.
Read at www.bbc.com