AI-powered IDEs prompt-injection RCE and data-exfiltration flaws (multiple vulnerabilities)
Vulnerability
Summary
A disclosed set of 30+ vulnerabilities in AI-powered IDEs and coding assistants creates data exfiltration and remote code execution risk across tools such as Cursor and GitHub Copilot. The flaws are chained through prompt injection and legitimate IDE features, and 24 CVEs have already been assigned. The disclosure shows that normal development workflows can be turned into attack paths when AI agents trust hostile context.
Related Happenings
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target Trend
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Enterprise AI deployments need governance and segmentation after red-team failures
Defensive Guidance
First: 24.04.2026 15:10
Last: 24.04.2026 15:10
Sources 1
About this happening:
**Enterprise AI deployments** are exposing familiar security gaps, making **governance**, **segmentation**, and **red-team validation** urgent to reduce the risk of **data theft**...
Timeline
06.12.2025 17:24 2 articles · 5mo ago
IDEsaster disclosure of AI IDE vulnerabilities
Initial Disclosure
Security researcher Ari Marzouk (MaccariTA) disclosed 30+ vulnerabilities in AI-powered IDEs and coding assistants, naming the issue set IDEsaster. The affected tools include Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline, and 24 of the issues received CVE identifiers. The disclosed attack chains combine prompt injection, auto-approved agent tool calls, and legitimate IDE features to leak sensitive files or achieve remote code execution.
- Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks — thehackernews.com — 06.12.2025 17:24