Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins
Summary
Amazon Q Developer and AWS Kiro, AI tools that help developers write code, are affected by prompt injection vulnerabilities (tricking the AI by hiding malicious instructions in files or suggestions it processes). Attackers could potentially execute commands or steal sensitive information without the developer's knowledge. AWS has released multiple software updates that require human confirmation before executing risky commands.
Solution / Mitigation
For Amazon Q Developer: upgrade to Language Server v1.22.0 or later (released July 17, 2025) to require human confirmation for find, grep, and echo commands; upgrade to Language Server v1.24.0 or later (released July 29, 2025) to require human confirmation for ping and dig commands. For AWS Kiro: upgrade to version 0.1.42 or later (released August 1, 2025), which requires human confirmation for risky actions when configured in Supervised mode.
Original source: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-019/
First tracked: June 5, 2026 at 08:00 PM