THREAT OPS › Threat News › Safeguarding VS Code against prompt injections
Safeguarding VS Code against prompt injections
<p class="wp-block-paragraph">The Copilot Chat extension for VS Code has been evolving rapidly over the past few months, adding a wide range of new features. Its new agent mode lets you use multiple large language models (LLMs), built-in tools, and MCP servers to write code, make commit requests, and integrate with external systems. It’s highly customizable, allowing users to choose which to
Attributed threat actors
- InceptionG0100
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
- System PromptAML.T0069.002
Indicators of compromise
- 0958948eb9be33d16c94783e6185cc50c15959e7sha1
- cf4fbf6a69eb53bbacc98f114f515ea3e327e73bsha1
- https://code.visualstudio.com/api/extension-guides/ai/toolsurl
- http://127.0.0.1:7080url
- https://*.visualstudio.comurl
- https://*.gallerycdn.vsassets.iourl
- https://artsploit.com/.github.com?token=oauth_tokenurl
- https://artsploit.com?token=oauth_tokenurl
- https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/url
- https://www.persistent-security.net/post/part-iii-vscode-copilot-wormable-command-execution-via-prompt-injectionurl
- https://code.visualstudio.com/insiders/url
- https://code.visualstudio.com/docs/copilot/chat/mcp-servers#_mcp-server-trusturl
- https://code.visualstudio.com/docs/setup/enterpriseurl
- https://code.visualstudio.com/docs/editing/workspaces/workspace-trusturl
- https://code.visualstudio.com/docs/devcontainers/containersurl
- https://code.visualstudio.com/docs/devcontainers/containers#_create-a-devcontainerjson-fileurl
- 138.112.25.25ipv4
- api.enterprise.githubcopilot.comdomain