THREATOPS
THREAT OPSThreat News › OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens

OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens

lowembracetheredPublished 2025-08-09

<a id="top_ref"></a>

<p>Another day, another AI data exfiltration exploit. Today we talk about <a href="https://github.com/All-Hands-AI/OpenHands/">OpenHands</a>, formerly referred to as OpenDevin. It&rsquo;s created by All-Hands AI.</p> <p>The OpenHands agent renders images in chat, which enables zero-click data exfiltration.</p> <p>Simon Willison recently gave this data exfiltration attack patt

Indicators of compromise

Original source: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/