THREATOPS
THREAT OPSThreat News › Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection

Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection

infoembracetheredPublished 2025-08-18

<a id="top_ref"></a>

<p>The next three posts will cover high severity vulnerabilities in the Amazon Q Developer VS Code Extension (Amazon Q Developer), which is a very popular coding agent, with over 1 million downloads.</p> <p>It is vulnerable to prompt injection from untrusted data and its security depends heavily on model behavior.</p> <p><a href="https://embracethered.com/blog/images/2025/epi

MITRE ATT&CK techniques

Original source: https://embracethered.com/blog/posts/2025/amazon-q-developer-data-exfil-via-dns/