Zoonop

Prompt Injection Exploit Puts 1 Million Amazon Q Developer Users at Risk

Image for Prompt Injection Exploit Puts 1 Million Amazon Q Developer Users at Risk

A recent prompt injection vulnerability in Amazon's Q Developer Extension for Visual Studio Code exposed nearly one million users to potential data manipulation, highlighting critical security gaps in AI-assisted development tools. Security researcher Homan Pourdamghani, who publicly commented on such vulnerabilities, underscored the difficulty of detecting these sophisticated attacks with traditional static analysis. The exploit, assigned CVE-2025-8217, involved malicious code injected through a GitHub pull request that was subsequently integrated into the extension.

The incident centered on version 1.84.0 of the Amazon Q Developer Extension, where a malicious pull request containing destructive commands was approved and distributed. These commands, if executed, could have instructed the AI to wipe user files and delete cloud resources. The attack demonstrated how easily untrusted inputs can alter the behavior of large language models (LLMs) used in coding assistants.

Amazon swiftly responded to the vulnerability, releasing version 1.85.0 of the extension to remove the malicious code and revoking affected credentials. The company confirmed that no customer data was actually impacted, as a syntax error prevented the malicious code from executing as intended. Despite the lack of actual damage, the incident raised significant concerns about the oversight and security protocols in open-source AI projects.

Homan Pourdamghani emphasized the insidious nature of these attacks, stating in a tweet, > "This simple prompt injection got read/write access to 1M repositories. Simple static analysis tools won't spot it." He further noted that while LLM observability layers might flag such issues, "by then the damage is done." Pourdamghani advocates for pre-emptive safeguards against injections, a challenging task given the volume of code AI agents generate, making human review difficult.

The exploit underscores a growing challenge in the rapidly evolving field of AI development, where the integration of AI tools into critical workflows demands robust security measures. Experts are calling for stricter code audits and enhanced security protocols to prevent similar incidents. The event serves as a stark reminder that as AI tools become more prevalent, the focus on securing their inputs and outputs must intensify to maintain trust and prevent widespread compromise.