{"data":{"id":"b323d06e-edc9-4405-af5d-468d2b360342","title":"Amp Code: Invisible Prompt Injection Fixed by Sourcegraph","summary":"Sourcegraph's Amp coding agent was vulnerable to invisible prompt injection (hidden instructions embedded in text that AI models interpret as commands). Attackers could use invisible Unicode Tag characters to trick the AI into dumping environment variables and exfiltrating secrets through URLs. The vulnerability has been fixed in the latest version.","solution":"According to the source, Sourcegraph addressed the vulnerability by \"sanitizing the input.\" The source also recommends that developers: strip or neutralize Unicode Tag characters before processing input, add visual and technical safeguards against invisible prompts, include automated detection of suspicious Unicode usage in prompt injection monitors, implement human-in-the-loop approval before navigating to untrusted third-party domains, and mitigate downstream data exfiltration vulnerabilities.","labels":["security","safety"],"sourceUrl":"https://embracethered.com/blog/posts/2025/amp-code-fixed-invisible-prompt-injection/","publishedAt":"2025-08-16T19:20:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic","Google"],"affectedVendorsRaw":["Sourcegraph","Amp","Claude","Gemini","Grok","OpenAI","ChatGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}