AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection
Summary
Devin AI has a tool called expose_port that can publish local computer ports to the public internet, intended for testing websites during development. However, attackers can use prompt injection (tricking an AI by hiding instructions in its input) to manipulate Devin into exposing sensitive files and creating backdoor access without human approval, as demonstrated through a multi-stage attack that gradually steers the AI toward malicious actions.
Classification
Affected Vendors
Related Issues
CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act
CVE-2025-66404: MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is
Original source: https://embracethered.com/blog/posts/2025/devin-ai-kill-chain-exposing-ports/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%