Securing AI coding agents: What IDEsaster vulnerabilities should you know (tigran.tech)

Ari Marzouk, a security researcher, unveiled a critical class of vulnerabilities dubbed "IDEsaster," affecting over 30 major AI Integrated Development Environments (IDEs) such as Claude Code, GitHub Copilot, and JetBrains IDEs. These vulnerabilities, which collectively ignore the foundational security of the IDE software, allow for severe attacks including data exfiltration, remote code execution, and credential theft. The attack vector exploits prompt injection combined with legitimate IDE features, creating a significant risk across the AI coding ecosystem as all tested IDEs were vulnerable and have received specific Common Vulnerabilities and Exposures (CVEs). The implications of IDEsaster are profound for the AI/ML community, as it highlights a fundamental architectural flaw within AI coding tools that must be addressed. Key attack patterns include remote JSON schema manipulations that can leak sensitive data, IDE settings overwrites permitting unauthorized code execution, and multi-root workspace exploitation that allows for running malicious code undetected. This landscape of threat also extends to the Model Context Protocol (MCP), which supports AI integration but has exhibited numerous security flaws. As organizations rush to adopt AI-assisted coding tools, the urgency for robust security measures has never been greater, marking IDEsaster as a pivotal moment for developers and security experts alike.