Beaver Duty

Upstream Alert: Amazon Q almost helped to optimise AWS bills in seconds

A malicious pull request slipped into Amazon’s AI coding assistant and nearly turned it into a self-destruct bot. It’s a reminder that prompt injection isn’t theoretical.

Matt
Aug 19, 2025

News: https://www.404media.co/hacker-plants-computer-wiping-commands-in-amazons-ai-coding-agent/

What happened?

In July 2025, a hacker quietly slipped a little bomb into Amazon's AI coding assistant, the Amazon Q Developer extension for VS Code. And Amazon shipped it: the tampered build went out as a public release (version 1.84.0) before it was pulled and replaced.

The attacker submitted a pull request to the open-source GitHub repo behind the extension (aws-toolkit-vscode) that embedded a crafted prompt in the extension's own source, designed to steer the assistant into running destructive commands on the user's behalf.

The prompt told Amazon Q to do something very "helpful": wipe the user's local filesystem and delete all their AWS cloud resources. The perfect cost optimisation strategy.

The framing was innocuous, along the lines of "clean up the environment", but what it actually asked for was wiping the home directory and issuing AWS CLI deletion calls (EC2 terminate-instances, S3 rm, IAM delete-user) against every AWS profile the assistant could find. Amazon later stated that the injected code was malformed and would not have executed, which is the only reason "nearly" is the right word here. Next time you ask your AI assistant to "clean up" something because you are too lazy to do it yourself, be careful!
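The lesson a practitioner takes from this is that model output must never be the thing that authorises a destructive command. Below is an added example, not Amazon Q's code or anything from the aws-toolkit-vscode project: a small guard that sits between a coding agent and its shell tool, parses each command the model proposes and classifies it as allow, confirm or block before bash ever sees it. The read-only allowlist, the AWS operation prefixes, the "catastrophic path" pattern and the sample commands are all assumptions constructed for illustration; the sample commands mirror the pattern of the injected prompt (recursive deletes of the home directory plus AWS CLI teardown calls).

```python
"""
Execution guard for a coding agent's shell tool (added example, not Amazon Q's code).
Every command the model proposes is parsed and classified before it reaches bash, so an
injected "clean up the system" instruction cannot by itself authorise `rm -rf ~` or
`aws ... terminate-instances`. Allowlists and patterns are illustrative assumptions.
"""
import re
import shlex
from enum import IntEnum
from typing import Dict, List


class Verdict(IntEnum):
    ALLOW = 0    # read-only: may run unattended
    CONFIRM = 1  # writes or unknown command: show the exact command, ask the human
    BLOCK = 2    # destroys data or infrastructure: never run from model output


# Narrow allowlist of read-only utilities the agent may run unattended (assumed).
_READ_ONLY = {"ls", "cat", "grep", "pwd", "head", "tail", "wc", "echo"}
# Shell control operators; each simple command in a pipeline or list is inspected.
# (Splitting happens before quoting is parsed, so a `|` inside quotes also splits;
# the resulting shlex error is treated as BLOCK rather than guessed at.)
_CONTROL = re.compile(r"\|\||&&|;|\||&")
# Targets that mean "everything": root, home, or a whole user directory.
_CATASTROPHIC_PATH = re.compile(r"^(/|~|\$HOME|/home(/[^/]+)?|/Users(/[^/]+)?)/?\*?$")
# AWS CLI operation prefixes that remove or tear down resources (assumed list).
_AWS_DESTRUCTIVE = re.compile(r"^(delete|terminate|rm|rb|deregister|purge)", re.I)
_AWS_READ = re.compile(r"^(describe|list|get|ls|head)", re.I)
# aws global options that consume the following token before the service name.
_AWS_GLOBAL_WITH_VALUE = {"--profile", "--region", "--output", "--endpoint-url", "--query"}


def _aws_verdict(argv: List[str]) -> Verdict:
    """argv[0] == 'aws'. Skip global options, then judge by <service> <operation>."""
    i = 1
    while i < len(argv) and argv[i].startswith("-"):
        # `--profile prod` consumes two tokens; `--profile=prod` and bare flags one.
        i += 2 if argv[i] in _AWS_GLOBAL_WITH_VALUE else 1
    if i + 1 >= len(argv):
        return Verdict.CONFIRM  # bare or malformed `aws`: let a human look
    operation = argv[i + 1]
    if _AWS_DESTRUCTIVE.match(operation):
        return Verdict.BLOCK
    if _AWS_READ.match(operation):
        return Verdict.ALLOW
    return Verdict.CONFIRM  # cp, put-*, create-*: writes, but recoverable


def _rm_verdict(argv: List[str]) -> Verdict:
    flags = [a for a in argv[1:] if a.startswith("-")]
    targets = [a for a in argv[1:] if not a.startswith("-")]
    recursive = any(
        f in ("--recursive", "--no-preserve-root")
        or (not f.startswith("--") and "r" in f.lower())
        for f in flags
    )
    if recursive and any(_CATASTROPHIC_PATH.match(t) for t in targets):
        return Verdict.BLOCK
    return Verdict.CONFIRM  # any rm is a write the human should see first


def _simple_verdict(argv: List[str]) -> Verdict:
    # Drop `sudo` and leading VAR=value assignments so the real command is inspected.
    while argv and (argv[0] == "sudo" or re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", argv[0])):
        argv = argv[1:]
    if not argv:
        return Verdict.ALLOW
    cmd = argv[0].rsplit("/", 1)[-1]  # /bin/rm -> rm
    if cmd in ("mkfs", "shred", "wipefs") or cmd.startswith("mkfs."):
        return Verdict.BLOCK
    if cmd == "dd" and any(a.startswith("of=/dev/") for a in argv[1:]):
        return Verdict.BLOCK
    if cmd == "rm":
        return _rm_verdict(argv)
    if cmd == "aws":
        return _aws_verdict(argv)
    if cmd == "find" and "-delete" in argv:
        wide = any(_CATASTROPHIC_PATH.match(a) for a in argv[1:])
        return Verdict.BLOCK if wide else Verdict.CONFIRM
    if cmd in _READ_ONLY:
        return Verdict.ALLOW
    return Verdict.CONFIRM  # default-deny for unattended execution


def classify(command: str) -> Verdict:
    """Worst verdict across every simple command in a shell line."""
    try:
        parts = [p.strip() for p in _CONTROL.split(command) if p.strip()]
        return max((_simple_verdict(shlex.split(p)) for p in parts), default=Verdict.ALLOW)
    except ValueError:
        return Verdict.BLOCK  # unbalanced quotes etc.: refuse rather than guess


# Constructed sample commands in the style of the injected prompt, plus benign ones.
SAMPLE_COMMANDS = [
    "aws --profile prod ec2 terminate-instances --instance-ids i-0abc",
    "aws --profile=prod s3 rm s3://example-bucket --recursive",
    "aws iam delete-user --user-name alice",
    "sudo /bin/rm -rf $HOME",
    "ls -la && rm -rf / --no-preserve-root",
    "find ~ -type f -delete",
    "cat README.md | grep -i install",
    "aws s3 ls",
    "rm -rf node_modules",
    "python3 cleanup.py",
]


def audit(commands: List[str] = SAMPLE_COMMANDS) -> Dict[str, str]:
    """Classify each command; returns {command: verdict name}."""
    return {c: classify(c).name for c in commands}


if __name__ == "__main__":
    for cmd, verdict in audit().items():
        print(f"{verdict:7} {cmd}")
```

The design choice worth copying is the default: anything the guard does not recognise is CONFIRM, not ALLOW, so `python3 cleanup.py` or any other opaque wrapper still requires a human to read the exact command before it runs. Pattern-matching on `rm` and `aws` catches the obvious teardown calls; the default-deny is what protects against the ones nobody anticipated.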
