THREATOPS
THREAT OPSThreat News › Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)

Windsurf: Memory-Persistent Data Exfiltration (SpAIware Exploit)

infoembracetheredPublished 2025-08-22

<a id="top_ref"></a>

<p>In this second post about Windsurf Cascade we are exploring the SpAIware attack, which allows memory persistent data exfiltration. <a href="https://embracethered.com/blog/posts/2024/chatgpt-macos-app-persistent-data-exfiltration/">SpAIware is an attack we first successfully demonstrated with ChatGPT last year</a> and OpenAI mitigated.</p> <p><a href="https://embracethered.

MITRE ATT&CK techniques

Original source: https://embracethered.com/blog/posts/2025/windsurf-spaiware-exploit-persistent-prompt-injection/