Overview
- On July 24, Amazon released Q Developer extension v1.85.0 to strip out a malicious system-wipe prompt that had been bundled in version 1.84.0.
- The injected instruction contained a syntax error that kept it from ever executing, and Amazon confirms no user environments were affected.
- The attacker used an overprivileged GitHub token exposed in the project's CodeBuild configuration to commit the prompt on July 13, describing the act as a demonstration of security gaps.
- Amazon publicly acknowledged the injection on July 23 and began a postmortem review focused on credential management and code review enhancements.
- Industry experts warn that prompt injection into AI developer tools expands the attack surface, and urge short-lived tokens, least-privilege credentials and layered defenses.
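The root cause above was a standing, overprivileged GitHub token sitting in a CodeBuild configuration. The following is an added example, not code from the page or from AWS, of the kind of check a team can run against its own build projects: it reads the JSON shape returned by `aws codebuild batch-get-projects` and flags environment variables that hold a GitHub token literal or a secret-looking name as `PLAINTEXT` instead of being pulled from Secrets Manager or Parameter Store at build time. The project names, variable names and the token value are constructed placeholders.

```python
"""Flag long-lived GitHub tokens stored as plaintext in CodeBuild projects.

Added example: assumes the JSON shape of `aws codebuild batch-get-projects`
(projects[].environment.environmentVariables[] with name/value/type).
"""
import json
import re

# Prefixes GitHub assigns to its token formats: classic PAT (ghp_), OAuth (gho_),
# App installation (ghs_), user-to-server (ghu_), refresh (ghr_) and
# fine-grained PAT (github_pat_). Any of these as a PLAINTEXT build variable is a
# standing credential rather than a short-lived one minted at build time.
GITHUB_TOKEN_RE = re.compile(
    r"\b(?:ghp|gho|ghs|ghu|ghr)_[A-Za-z0-9]{36}\b|\bgithub_pat_[A-Za-z0-9_]{22,}\b"
)
# Variable names that usually carry a credential (TOKEN, SECRET, PASSWORD, PAT, KEY
# as a whole underscore-delimited segment, e.g. GITHUB_TOKEN, AWS_ACCESS_KEY_ID).
SECRET_NAME_RE = re.compile(r"(?:^|_)(?:TOKEN|SECRET|PASSWORD|PAT|KEY)(?:_|$)", re.IGNORECASE)
# Variable types CodeBuild resolves from a secret store at build time.
SAFE_TYPES = {"SECRETS_MANAGER", "PARAMETER_STORE"}

# Constructed sample (not real output). The ghp_ value is a placeholder built
# to the classic-PAT length so the regex exercises the real format.
SAMPLE_PROJECTS = json.dumps({
    "projects": [
        {
            "name": "extension-release",
            "environment": {
                "environmentVariables": [
                    {"name": "GITHUB_TOKEN", "value": "ghp_" + "A" * 36, "type": "PLAINTEXT"},
                    {"name": "GITHUB_APP_KEY", "value": "release/github-app-key", "type": "SECRETS_MANAGER"},
                    {"name": "BUILD_ENV", "value": "prod", "type": "PLAINTEXT"},
                    {"name": "DEPLOY_PASSWORD", "value": "hunter2", "type": "PLAINTEXT"},
                ]
            },
        }
    ]
})


def find_exposed_tokens(projects_json: str) -> list:
    """Return one finding per plaintext variable that looks like a credential."""
    findings = []
    for project in json.loads(projects_json).get("projects", []):
        env_vars = project.get("environment", {}).get("environmentVariables", [])
        for var in env_vars:
            # CodeBuild treats a missing type as PLAINTEXT.
            if var.get("type", "PLAINTEXT") in SAFE_TYPES:
                continue
            name = str(var.get("name", ""))
            value = str(var.get("value", ""))
            if GITHUB_TOKEN_RE.search(value):
                reason = "github-token-literal"
            elif SECRET_NAME_RE.search(name):
                reason = "secret-like-name-in-plaintext"
            else:
                continue
            findings.append({"project": project.get("name"), "variable": name, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in find_exposed_tokens(SAMPLE_PROJECTS):
        print(f"{finding['project']}: {finding['variable']} ({finding['reason']})")
```

The literal-token check catches the case the incident turned on; the name-based check is a heuristic and will produce some noise, which is preferable to a miss for a credential that can push a release. In practice the fix is to move the variable to `SECRETS_MANAGER` and have the build mint a short-lived token (for example a GitHub App installation token) rather than store a personal access token at all.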