AI-powered coding assistants are reshaping software development, but new research from Palo Alto Networks highlights how adversaries can exploit these tools to deliver hidden backdoors and malicious content, reports Cyber Security News.The weakness stems from indirect prompt injection, where compromised data sources, such as public repositories, documentation, or scraped feeds, embed instructions that coding assistants mistakenly treat as legitimate context. In one simulation, researchers demonstrated how malicious CSV data prompted an assistant to generate a function named fetch_additional_data, which connected to a command-and-control server and executed attacker commands disguised as analytics.Because the injected code appeared natural, blended with legitimate workflows, and required no unusual libraries, it evaded both automated and manual reviews. The risk is compounded by assistants' multi-language adaptability, allowing attackers to spread payloads across diverse environments.Palo Alto researchers warn that this threat exposes developers' trust in AI-generated code, underscoring the need for rigorous context validation and stronger safeguards as coding assistants gain autonomy.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




