AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Data Exfiltration via Image Rendering Fixed in Amp Code

mediumnewsLLM-Specific

security

Source: Embrace The RedAugust 17, 2025

Summary

A vulnerability in Amp Code from Sourcegraph allowed attackers to steal sensitive information by using prompt injection (tricking an AI by hiding instructions in its input) through markdown image rendering, which could force the AI to send previous chat data to attacker-controlled websites. This type of vulnerability is common in AI applications and similar to one previously found in GitHub Copilot. The vulnerability has been fixed in Amp Code.

Classification

Attack Type

Prompt InjectionData Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

Affected Vendors

Microsoft

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 85%