Overview
- A threat actor using the alias lkmanka58 exploited an inappropriately scoped GitHub token to insert a system-wiping prompt into Amazon Q’s open-source repository in mid-July.
- The malicious natural-language instruction briefly appeared in version 1.84.0 of the Q Developer extension for VS Code but failed to execute due to a syntax error.
- AWS published a postmortem on July 23, released the patched version 1.85.0 on July 24, and strengthened its contribution guidelines to tighten code review and credential controls.
- Security analysts characterize the incident as a standard open-source supply chain attack exacerbated by AI prompt injection, urging short-lived tokens and layered defenses.
- The individual claiming responsibility said the stunt was intended to expose what they called Amazon’s “AI security theater” rather than to inflict real harm.