Security · 2h ago
Amazon Q bug allowed malicious Git repos to steal cloud credentials
Security researchers found that Amazon Q's AI coding assistant could be tricked by booby-trapped Git repositories into executing arbitrary code and exfiltrating cloud credentials. The flaw stemmed from how the tool processes project configuration files. Amazon has since patched the vulnerability.
Meridian48 take
This highlights a broader risk: AI coding assistants that blindly trust project configurations can become attack vectors, not just productivity tools.
Read the full reporting
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds →
The Register