How Agentic AI Coding Assistants Become the Attacker's Shell
For developers and organizations using AI coding assistants, this paper highlights a critical security vulnerability that can turn assistants into attack vectors.
The paper identifies and analyzes prompt injection attacks on agentic AI coding assistants, showing how hidden instructions in external artifacts can hijack them to run unauthorized commands. It measures the prevalence of such attacks and discusses limitations of current defenses.
Agentic AI coding assistants can edit files, run commands, and access the internet on behalf of developers. However, their reliance on unvetted external artifacts introduces a new attack vector. Hidden instructions in external artifacts can hijack these assistants, turning them into an attacker's shell to run unauthorized commands. In this article, we examine how these prompt injection attacks work, measure their prevalence, discuss the limitations and challenges of current defenses, and suggest future research directions.