{"data":{"id":"20285eb3-4071-41c6-98fd-8eec6544f9e0","title":"Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection","summary":"Amazon Q Developer for VS Code, a coding tool used by over 1 million people, has a vulnerability in which attackers can use invisible Unicode characters (characters that humans cannot see but the AI still reads) to hide instructions that the AI then follows, which could lead to theft of sensitive information or execution of malicious code on the user's computer.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/","publishedAt":"2025-08-20T11:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon Q","Amazon Q Developer"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}