Researchers concealed a prompt injection within a PNG file, and the AI was deceived by it.
Hacker
AI coding assistants like Claude are emerging as favorites among developers. They can review code, clarify complicated functions, and even produce entire features from a single prompt. However, recent research indicates that this increasing reliance could also be their most significant vulnerability.
A group of security researchers, including Professor Sudipta Chattopadhyay and researcher Murali Ediga, have showcased an atypical attack that doesn’t directly target the AI model. Instead, it focuses on aspects the AI overlooks during code reviews. Rather than concealing malicious commands within code, the researchers embedded them in an image file. Many AI review systems treat images as mere decorative elements, which allows the pull request to seem completely innocuous and pass through the review process.
The most perilous file might be one you would never think to open.
Picture receiving a document adorned with a company logo in the corner. You would likely take a brief look and move on. Now, envision that the logo secretly held instructions for your AI assistant to access your password vault the next time you use it. This concept is essentially the core of this proof of concept. The trick doesn’t activate immediately after the code is merged; instead, it remains dormant until a developer later requests the AI coding assistant to perform a task unrelated to the existing code, such as creating a helper function or adding a new module. By that time, the AI has already processed the concealed instructions and can unknowingly access sensitive project files, ultimately incorporating confidential data into the generated code.
What’s particularly concerning is that the stolen information does not appear in the source code obviously. It is instead disguised as ordinary-looking values that blend seamlessly with legitimate code, significantly reducing the chances of triggering existing security measures or catching a developer’s attention during a quick review.
It's not solely about which AI you opt for.
The researchers also discovered that the results were not determined by the specific large language model in use. In numerous cases, the same AI model exhibited varying behavior depending on the coding assistant it was paired with. Some tools obediently executed the concealed instructions, while others detected something suspicious and halted further action. This distinction is crucial, as it indicates the issue isn’t confined to a particular chatbot. The real difficulty lies in how AI-powered coding platforms decide what information is trustworthy and which project files they can access.
The encouraging news is that the researchers do not believe this problem is insurmountable. They contend that AI review tools need to evolve into “multimodal” systems in the truest sense — scrutinizing images, documentation, configuration files, and other non-code assets with the same rigor as source code. If an AI can interpret an image, it must also recognize the potential for that image to manipulate it. For developers, this serves as a further reminder that AI coding tools require supervision. While they can considerably accelerate software development, they also introduce entirely new attack avenues that never existed before. The next security threat may not be lurking in thousands of lines of code; it could be hidden in an image that seems insignificant.
Shimul is a contributor at Digital Trends, with over five years of experience in the tech sector.
AI has already been misused, and it is being employed to create bombs.
Artificial intelligence has rapidly become the tool of choice for various tasks, ranging from drafting emails and summarizing meetings to assisting students in studying or helping developers debug code. However, the same technology that facilitates efficiency can also be exploited, and a new report indicates that terrorist groups are discovering ways to do just that.
A research paper shared with The New York Times prior to its publication reveals that researchers found evidence of Boko Haram members using popular AI chatbots to aid in both routine operations and combat-related activities. Interviews with 27 former members conducted in Nigeria over the past two years suggest that tools like ChatGPT, Gemini, Claude, Grok, Meta AI, and DeepSeek were utilized to gather technical insights, troubleshoot weaponry, and even assist in planning attacks.
Claude Code can now browse the web without opening Chrome.
The desktop application now features an in-app browser that can read websites, click links, and interact with web applications.
Developers often spend considerable time switching between their code editor, browser tabs, API documentation, GitHub issues, and design files. Anthropic believes Claude Code should handle all these tasks seamlessly, eliminating the constant need for users to change windows. The company has introduced a new in-app browser for Claude Code on desktop, allowing the AI coding assistant to access websites, read documentation, inspect designs, and interact with web pages directly from within the application.
Apple is suing OpenAI over allegations of trade secret theft in a major lawsuit.
The lawsuit claims that OpenAI recruited Apple employees and obtained confidential details about unreleased products.
For the past two years, Apple and OpenAI have been viewed as close partners in the AI space. ChatGPT powers essential features of Apple Intelligence, Siri can delegate complex queries to OpenAI, and together, they have contributed to
Other articles
Researchers concealed a prompt injection within a PNG file, and the AI was deceived by it.
Recent security research indicates that a seemingly innocent PNG image could trick AI coding assistants into revealing sensitive information.
