AI/ML, Vulnerability Management

Dozens of AI coding tool vulnerabilities discovered


The Hacker News reports that more than 30 vulnerabilities, collectively dubbed "IDEsaster", affect multiple widely used AI-powered integrated development environments and extensions, including GitHub Copilot, Cursor, Junie, and Windsurf, and could facilitate remote code execution and data compromise.

Because AI IDEs and integrated coding assistants disregard the potential threats posed by their base software, attackers could weaponize their features to enable prompt injection, data leaks, and arbitrary command execution, even without any user interaction, according to security researcher Ari Marzouk, also known as MaccariTA. As intrusions have usually been underpinned by prompt injections and jailbreaks, Marzouk urged developers to use AI IDEs and AI agents with trusted projects and files, and to ensure they connect only to trusted MCP servers.

Such connections should also be continuously tracked, said Marzouk, who recommended more stringent reviews of MCP tools' data flow, as well as newly added sources.
