Wrap Up: The Month of AI Bugs

That’s it.

The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West.

Finale Image

Overview of Posts

  1. ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video
  2. ChatGPT Codex: Turning ChatGPT Codex Into a ZombAI Agent | Video
  3. Anthropic Filesystem MCP Server: Directory Access Bypass Via Improper Path Validation | Video
  4. Cursor: Arbitrary Data Exfiltration via Mermaid | Video
  5. Amp Code: Arbitrary Command Execution via Prompt Injection | Video
  6. Devin AI: I Spent $500 To Test Devin For Prompt Injection So That You Don’t Have To
  7. Devin AI: How Devin AI Can Leak Your Secrets via Multiple Means
  8. Devin AI: The AI Kill Chain in Action: Exposing Ports to the Internet via Prompt Injection
  9. OpenHands - The Lethal Trifecta Strikes Again: How Prompt Injection Can Leak Access Tokens
  10. OpenHands: Remote Code Execution and AI ClickFix Demo | Video
  11. Claude Code: Data Exfiltration with DNS Requests (CVE-2025-55284) | Video
  12. GitHub Copilot: Remote Code Execution (CVE-2025-53773) | Video
  13. Google Jules: Vulnerable to Multiple Data Exfiltration Issues
  14. Google Jules - Zombie Agent: From Prompt Injection to Remote Control
  15. Google Jules: Vulnerable To Invisible Prompt Injection
  16. Amp Code: Invisible Prompt Injection Vulnerability Fixed
  17. Amp Code: Data Exfiltration via Image Rendering Fixed | Video
  18. Amazon Q Developer: Secrets Leaked via DNS and Prompt Injection | Video
  19. Amazon Q Developer: Remote Code Execution via Prompt Injection | Video
  20. Amazon Q Developer: Vulnerable to Invisible Prompt Injection | Video
  21. Windsurf: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets | Video
  22. Windsurf: Memory-Persistent Data Exfiltration - SpAIware Exploit
  23. Windsurf: Sneaking Invisible Instructions by Developers
  24. Deep Research Agents: How Deep Research Agents Can Leak Your Data
  25. Manus: How Prompt Injection Hijacks Manus to Expose VS Code Server to the Internet | Video
  26. AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection | Video
  27. Cline: Vulnerable to Data Exfiltration and How to Protect Your Data | Video
  28. Windsurf MCP Integration: Missing Security Controls Put Users at Risk | Video
  29. Season Finale: AgentHopper: An AI Virus Research Project Demonstration | Video

Thank you for following this research, and I hope it serves as a useful reference.

With that said, my posting schedule will go back to a less frequent cadence.

Wish you all well, and happy hacking!

Cheers, Johann.
