THREAT OPS › Threat News › Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
<a id="top_ref"></a>
<p>The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over <a href="https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.amazon-q-vscode">1 million downloads</a>.</p> <p>In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead to:</p> <ul> <li><a href="https://embracethered.com/blog/posts/20
MITRE ATT&CK techniques
Indicators of compromise
- https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.amazon-q-vscodeurl