中文

How Agentic AI Coding Assistants Become the Attacker's Shell

软件工程 2026-05-26 v1 密码学与安全

摘要

Agentic AI coding assistants can edit files, run commands, and access the internet on behalf of developers. However, their reliance on unvetted external artifacts introduces a new attack vector. Hidden instructions in external artifacts can hijack these assistants, turning them into an attacker's shell to run unauthorized commands. In this article, we examine how these prompt injection attacks work, measure their prevalence, discuss the limitations and challenges of current defenses, and suggest future research directions.

关键词

引用

@article{arxiv.2605.25871,
  title  = {How Agentic AI Coding Assistants Become the Attacker's Shell},
  author = {Yue Liu and Yanjie Zhao and Yunbo Lyu and Ting Zhang and Haoyu Wang and David Lo},
  journal= {arXiv preprint arXiv:2605.25871},
  year   = {2026}
}