来自MSN

Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's ...
CSOonline

Hackers can slip ghost commands into the Amazon Q Developer VS Code Extension

The Amazon Q Developer VS Code Extension is reportedly vulnerable to stealthy prompt injection attacks using invisible Unicode Tag characters. According to the author of the “Embrace The Red” blog, ...
InfoWorld

Amazon Q Developer review: Code completions, code chat, and AWS skills

Amazon Q Developer works well for completing lines of code, doc strings, and if/for/while/try code blocks, but can’t generate full functions for certain use cases. When I reviewed Amazon CodeWhisperer ...