Tag

#AI coding tools

6 stories taggedAI coding tools.

A close-up, sharply focused 16:9 editorial photograph of a developer's keyboard and monitor in a dimly lit office at night
AI Security

GhostApproval: Six AI Coding Tools Were Tricking Developers Into Approving Dangerous Actions

A new attack pattern shows that the 'human approval' step built into AI coding assistants can be fed false information by the very tool it is supposed to oversee.

3 min
Photoreal news-editorial photograph, 16:9 framing, full-frame edge-to-edge composition
AI Security

AI Coding Assistants Fooled by Decades-Old File Trick to Attack Developer Machines

A technique as old as Unix itself let researchers plant hidden traps inside innocent-looking code projects, then watch AI tools quietly rewrite the wrong files while developers clicked 'approve'.

3 min
Photoreal news-editorial photograph, 16:9 framing, top-down overhead view of a modern developer workstation with a dark mechanical keyboard and a large monitor
AI Security

An AI Coding Tool Built Into Millions of Developer Setups Had a Flaw That Could Hand Hackers Your Cloud Keys

A security hole in Amazon's AI coding assistant let criminals steal cloud passwords just by getting a developer to open a poisoned folder. It's patched — but the attack method is spreading.

3 min
Photoreal news-editorial photograph, 16:9 framing, full-frame edge-to-edge composition
AI Security

The Automation Nobody Reviewed: How AI-Built Workflows Are Quietly Leaking Enterprise Data

A developer asked an AI to speed up a document approval process. It worked perfectly — and exposed sensitive HR files to hundreds of colleagues. This is happening across businesses right now.

3 min
AI Security

Cursor IDE's Sandbox Cracked by Prompt Injection — No User Interaction Required

Two logic flaws in Cursor's command execution sandbox let attackers escape the isolation layer and run code on the underlying OS. Patches landed in April. The researchers say Cursor isn't alone.

2 min
Threat Intelligence

TrapDoor: The Supply Chain Campaign That Wants Your Whole Dev Environment, Not Just Your Secrets

A cross-registry malware campaign hitting npm, PyPI, and Crates.io is going after CI/CD pipelines, SSH trust chains, and AI coding assistant files — not just credentials on install.

3 min
© 2026 Threat Vectr