Vibe-coding as a new entry point into infrastructure

🔺 Technologies2026-05-18, 13:16
Vibe-coding as a new entry point into infrastructure
As vibe-coding practices become more common, the resilience problem of AI agents assisting developers with code generation grows more serious — particularly their ability to resist executing malicious instructions. By exploiting malicious web pages and repositories, attackers can embed malicious commands for AI agents, leading to dangerous actions such as command execution, access to local files, or CI/CD pipeline compromise. Some attacks require user interaction, while researchers have also demonstrated zero-click scenarios.
🤖Company DarkNavy reported in March that it had discovered a critical risk vulnerability in OpenAI Codex. According to DarkNavy, if an attacker can trick a user into opening a specially crafted source code repository, this could result in arbitrary code execution bypassing Codex's standard restrictions — in some scenarios, without explicit user confirmation or notification, in the background. At the time of publication, despite its severity, the vulnerability had remained unpatched for more than two months, and DarkNavy found evidence it was already being discussed and exploited in the wild.
🤖Capsule Security described a Prompt Injection scenario in Microsoft Copilot Studio (CVE-2026-21520), allowing attackers to exfiltrate sensitive data through legitimate integrations. Even when protective mechanisms triggered, some actions could still be performed via trusted tools and integrations such as Microsoft Outlook.
🤖Researchers at Pillar Security identified the TrustIssues vulnerability. An attacker could create a publicly available issue containing hidden instructions that the Gemini agent — used for automated issue handling — would process. As a result, the Gemini agent leaked a repository access token for gemini-cli to the attacker.
Prompt Injection vulnerabilities had previously been found in the following products: 🔵Anthropic Claude-Code: CVE-2026-21852; 🔵OpenClaw: CVE-2026-25253; 🔵Microsoft M365 Copilot: CVE-2025-32711 (EchoLeak).
💬 Discuss
Vulnerabilities
9.3
CVE-2025-32711
7.8
CVE-2026-21520
7.5
CVE-2026-21852
10
CVE-2026-25253
Researchers
Es7Evam
Estevam Arantes
Dworken
0Xacb
Depthfirstdisclosures
Mavlevin
Vendors
Darknavy
Openai
Capsule Security
Microsoft
Pillar Security
Anthropic
Products
Anthropic Claude-Code
Gemini
Gemini-Cli
Microsoft Copilot Studio
Microsoft M365 Copilot
Microsoft Outlook
More
Published
2026-05-18, 13:16