Researchers concealed a prompt injection within a PNG, and the AI was deceived by it.
**Hacker**
AI coding assistants like Claude are quickly becoming the preferred colleagues for developers. They can review code, clarify confusing functions, and even generate complete features based on a single prompt. However, recent research indicates that this increasing reliance could turn into a significant vulnerability.
A group of security researchers (Professor Sudipta Chattopadhyay and researcher Murali Ediga) has showcased an unconventional attack that does not directly target the AI model. Instead, it exploits areas that the AI overlooks during code reviews. Rather than embedding malicious commands within the code itself, the researchers concealed them within an image file. As many AI review tools regard images as mere decorative elements, the pull request can seem innocuous and pass through the review process without suspicion.
The most perilous file may be one you wouldn’t dare open.
Consider receiving a document featuring a company logo in the corner. You would likely glance at it and move on. Now envision that logo secretly contained directives instructing your AI assistant to access your password vault the next time you utilized it. This encapsulates the core idea behind this proof of concept. The exploit does not activate immediately after the code merges; it awaits a moment when a developer prompts the AI coding assistant to carry out a completely different task, such as crafting a helper function or adding a new module. By this point, the AI has already assimilated the concealed instructions and can inadvertently access sensitive project files, embedding confidential data into the code it generates.
What is particularly alarming is that the stolen data is not inserted into the source code in an overt manner. Instead, it is camouflaged as ordinary values that blend seamlessly with legitimate code, significantly reducing the likelihood of detection by existing security tools or drawing a developer's attention during a cursory review.
It’s not solely dependent on the AI you choose.
The researchers also discovered that the outcome wasn’t dictated by the specific large language model employed. In numerous cases, the same AI model demonstrated vastly different behaviors influenced by the coding assistant surrounding it. Some tools followed the hidden commands without question, while others identified dubious activity and halted the process. This distinction is critical as it implies the issue is not restricted to a specific chatbot. The true challenge lies in how AI-powered coding platforms determine what information to trust and which project files they can access.
The good news is that the researchers believe this challenge is solvable. They argue that AI review tools should become “multimodal” in every sense—examining images, documentation, configuration files, and other non-code elements with the same rigor as source code. If an AI can interpret an image, it must also recognize that the image could be intended to manipulate it. For developers, this serves as a reminder that AI coding tools still require oversight. While they can significantly accelerate software development, they also introduce entirely new attack vectors that didn’t exist previously. The next security threat may not be buried in countless lines of code; it could very well be hidden within an image that was never deemed worthy of inspection.
**Shimul is a contributor at Digital Trends, bringing over five years of experience in the technology realm.**
**AI has already been misappropriated, and it’s being leveraged for bomb-making.**
Artificial intelligence has rapidly become the essential resource for a wide range of tasks, from drafting emails and summarizing meetings to aiding students in their studies and helping developers debug code. Yet, the same technology that enhances efficiency can also be misused, and a new report indicates that terrorist groups are discovering ways to exploit it.
A research paper shared with The New York Times prior to its publication reveals that researchers found indications that members of Boko Haram have been utilizing popular AI chatbots to assist with both routine operations and combat-related activities. Interviews with 27 former members conducted over the past two years in Nigeria suggest that tools like ChatGPT, Gemini, Claude, Grok, Meta AI, and DeepSeek have been employed to gather technical knowledge, troubleshoot weaponry, and even aid in planning attacks.
**Read more**
**Claude Code can now browse the web without the need for Chrome.**
The desktop application now features an in-app browser that can read websites, click on links, and interact with web applications.
Developers often spend considerable time switching between their code editor, browser tabs, API documentation, GitHub issues, and design files. Anthropic believes that Claude Code should handle all these tasks without requiring users to constantly change windows. The company has introduced a new in-app browser for Claude Code on desktop, enabling its AI coding assistant to access websites, read documentation, inspect designs, and interact with web pages directly from within the application.
**A browser integrated into Claude Code**
**Apple is suing OpenAI over the theft of trade secrets in a high-profile lawsuit.**
The lawsuit alleges that OpenAI recruited Apple employees and gained access to confidential information about unreleased products.
For the last two years, Apple and OpenAI have been viewed as collaborative partners in AI.
Other articles
Researchers concealed a prompt injection within a PNG, and the AI was deceived by it.
Recent security research indicates that a seemingly innocuous PNG image could deceive AI coding assistants into revealing sensitive information.
