Particle.news

Amazon Q Prompt Injection Patched, Experts Highlight AI Supply Chain Vulnerabilities

AWS has removed the malicious snippet in version 1.85.0 of its VS Code extension after confirming no customer systems were affected.

Generative AI virtual assistant Amazon Q was unveiled by AWS CEO Adam Selipsky in 2023. Image: AWS

Overview

  • A threat actor using the alias lkmanka58 exploited an inappropriately scoped GitHub token to insert a system-wiping prompt into Amazon Q’s open-source repository in mid-July.
  • The malicious natural-language instruction briefly appeared in version 1.84.0 of the Q Developer extension for VS Code but failed to execute due to a syntax error.
  • AWS published a postmortem on July 23, released the patched version 1.85.0 on July 24, and strengthened its contribution guidelines to tighten code review and credential controls.
  • Security analysts characterize the incident as a standard open-source supply chain attack exacerbated by AI prompt injection, urging short-lived tokens and layered defenses.
  • The individual claiming responsibility said the stunt was intended to expose what they called Amazon’s “AI security theater” rather than to inflict real harm.