SecurityHigh

Hacker Slips a System-Wiping Prompt Into Amazon Q's Official VS Code Extension Release

Amazon Web Services (Amazon Q Developer extension)

What Happened

An attacker using inadequate access controls submitted a pull request that injected a prompt into Amazon's Q Developer coding agent instructing it to wipe the local filesystem and delete AWS resources like EC2, S3, and IAM. The malicious code shipped in the official marketplace release, version 1.84.0, of the VS Code extension. The attacker said the payload was deliberately made defective as a protest against 'AI security theater.'

Impact

The compromised build reached close to a million installations before AWS pulled it and released a patched 1.85.0, revoking and replacing the affected credentials. AWS stated no customer resources were harmed, but the incident showed how a single unreviewed contribution can arm an AI agent with destructive commands at scale.

How to Prevent This

  • Require strict review and signing for all contributions before they reach production releases
  • Restrict who can commit to and publish AI agent extensions with least-privilege access controls
  • Scan agent prompts and system instructions for destructive commands prior to shipping
  • Sandbox coding-agent execution so it cannot delete local files or cloud resources without approval
  • Rotate build credentials promptly and audit the release pipeline for unauthorized changes

Don't Let Your Company Be the Next Case Study

Take our 2-minute quiz to identify your AI risks before they become failures.

Assess Your AI Risks Now →

Most teams can't — find out in 2 minutes

Real AI failures analyzed • Free 2-minute assessment