English

How Agentic AI Coding Assistants Become the Attacker's Shell

Software Engineering 2026-05-26 v1 Cryptography and Security

Abstract

Agentic AI coding assistants can edit files, run commands, and access the internet on behalf of developers. However, their reliance on unvetted external artifacts introduces a new attack vector. Hidden instructions in external artifacts can hijack these assistants, turning them into an attacker's shell to run unauthorized commands. In this article, we examine how these prompt injection attacks work, measure their prevalence, discuss the limitations and challenges of current defenses, and suggest future research directions.

Keywords

Cite

@article{arxiv.2605.25871,
  title  = {How Agentic AI Coding Assistants Become the Attacker's Shell},
  author = {Yue Liu and Yanjie Zhao and Yunbo Lyu and Ting Zhang and Haoyu Wang and David Lo},
  journal= {arXiv preprint arXiv:2605.25871},
  year   = {2026}
}