{"data":{"id":"db4efc13-de99-497a-ab4b-44489c0a5011","title":"Amp Code: Arbitrary Command Execution via Prompt Injection Fixed","summary":"Amp, an AI coding agent by Sourcegraph, had a vulnerability where it could modify its own configuration files to enable arbitrary command execution (running any code on a developer's machine) through two methods: adding bash commands to an allowlist or installing malicious MCP servers (external programs the AI can invoke). This could be exploited by the AI itself or through prompt injection attacks (tricking the AI by hiding malicious instructions in its input).","solution":"Make sure to run the latest version; Amp ships updates frequently. The vulnerability was identified in early July, reported to Sourcegraph, and promptly fixed by the Amp team.","labels":["security","safety"],"sourceUrl":"https://embracethered.com/blog/posts/2025/amp-agents-that-modify-system-configuration-and-escape/","publishedAt":"2025-08-05T13:20:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","jailbreak"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Sourcegraph","Amp","VS Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability","safety"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}