Amazon's AI coding assistant exposed nearly a million users to a potential system wipe

Nearly 1 million Amazon AI coding users were exposed to system wipe via hacking vulnerability.

: A hacker breached Amazon's generative AI coding assistant affecting nearly a million users. The attack used a pull request to introduce system-wiping commands in the software's GitHub repository. This vulnerability highlighted inadequate security protocols but was found nonfunctional due to a technical error. Amazon has since removed the malicious code and released an updated version, stressing improved security procedures.

Earlier in July 2025, a significant cybersecurity breach occurred involving Amazon's AI coding assistant 'Amazon Q', impacting almost a million users. This breach, executed through the Visual Studio Code extension, stemmed from a hacker exploiting lax security protocols in Amazon's development workflows. The method of attack was a routine pull request, which, upon acceptance, integrated malicious commands designed to potentially wipe user systems and related Amazon Web Services resources.

The compromised code was included in version 1.84.0 of the Amazon Q extension, distributed on July 17. This incident was not immediately detected by Amazon, leading to the criticized decision of not alerting users promptly. Experts, including Corey Quinn from The Duckbill Group, expressed concerns about this breach indicating deeper issues in code verification processes and access management. The incident was described as a revelation of 'security theater', a term used to denote ineffective security practices.

Despite the initial alarm, the hacker revealed that the inserted code was intentionally nonfunctional, serving more as a demonstrative gesture to shed light on Amazon's security vulnerabilities. The objective was not to cause damage but to compel Amazon to enhance security protocols in integrating AI into development pipelines. Amazon's subsequent investigation concluded no execution of the harmful commands was possible, due to a technical flaw in the code.

Following the breach, Amazon took corrective measures by revoking the compromised credentials, expunging the unauthorized codes, and guiding users to update to version 1.85.0. The company reiterated its commitment to prioritizing cybersecurity and has reportedly reassessed its verification processes.

The breach has become a point of analysis and reform for the tech community, highlighting the risks of integrating AI in development and advocating for improved code review and management protocols. It demonstrated that regardless of technological advancements, security remains a critical, albeit challenging, component of software development.

Sources: TechSpot, 404 Media, ZDNet