{"data":{"id":"93a76f66-b80c-475b-9d9c-1750c434c8f4","title":"Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments","summary":"Researchers discovered a vulnerability called 'Comment and Control' that affects multiple AI coding assistants, including Claude Code, Gemini CLI, and GitHub Copilot Agents. The attack works by hiding malicious instructions in code comments, which the AI systems then follow as if they were legitimate user requests. This is a type of prompt injection (tricking an AI by hiding instructions in its input) that specifically targets AI tools designed to help developers write code.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.securityweek.com/claude-code-gemini-cli-github-copilot-agents-vulnerable-to-prompt-injection-via-comments/","publishedAt":"2026-04-16T08:33:54.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic","Google","Microsoft"],"affectedVendorsRaw":["Anthropic Claude","Google Gemini","GitHub Copilot","Claude Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-16T08:33:54.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}