Amp Code: Invisible Prompt Injection Fixed by Sourcegraph
Summary
Sourcegraph's Amp coding agent was vulnerable to invisible prompt injection (hidden instructions embedded in text that AI models interpret as commands). Attackers could use invisible Unicode Tag characters to trick the AI into dumping environment variables and exfiltrating secrets through URLs. The vulnerability has been fixed in the latest version.
Solution / Mitigation
According to the source, Sourcegraph addressed the vulnerability by "sanitizing the input." The source also recommends that developers: strip or neutralize Unicode Tag characters before processing input, add visual and technical safeguards against invisible prompts, include automated detection of suspicious Unicode usage in prompt injection monitors, implement human-in-the-loop approval before navigating to untrusted third-party domains, and mitigate downstream data exfiltration vulnerabilities.
Classification
Affected Vendors
Related Issues
Original source: https://embracethered.com/blog/posts/2025/amp-code-fixed-invisible-prompt-injection/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%