THREAT OPS › Threat News › OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens
OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens
<a id="top_ref"></a>
<p>Another day, another AI data exfiltration exploit. Today we talk about <a href="https://github.com/All-Hands-AI/OpenHands/">OpenHands</a>, formerly referred to as OpenDevin. It’s created by All-Hands AI.</p> <p>The OpenHands agent renders images in chat, which enables zero-click data exfiltration.</p> <p>Simon Willison recently gave this data exfiltration attack patt
Indicators of compromise
- https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/url