Critical flaws found in AI development tools are dubbed an 'IDEsaster' — data theft and remote code execution possible

A recent investigation has uncovered over thirty security vulnerabilities in AI-assisted development tools, leading to potential data theft and remote code execution. These vulnerabilities affect popular IDEs like Visual Studio Code, JetBrains products, and others, allowing attackers to manipulate AI agents for malicious purposes. The core issue lies in how AI agents interact with traditional IDE features, turning previously benign functions into attack surfaces. The report suggests that all tested AI IDEs were vulnerable, with products like GitHub Copilot and Cursor among those affected. The research emphasizes the need for a fundamental redesign of IDEs to address these security risks in the long term.