CyberNews: 31/08/2025 Edition

Published by Dunateo on 2025-08-31

Today’s roundup

Summary

A comprehensive wrap-up of 29 AI security vulnerabilities disclosed in August 2025 covers critical flaws in major platforms: GitHub Copilot had a remote code execution vulnerability (CVE-2025-53773), while Claude Code allowed data exfiltration via DNS requests (CVE-2025-55284). Devin AI exhibited multiple risks, including secret leakage through prompt injection and unintended exposure of ports to the internet. Amazon Q Developer had three severe flaws: secrets leakage via DNS, remote code execution, and invisible prompt injection vectors. Google Jules faced data exfiltration risks, zombie agent hijacking via prompt injection, and invisible instruction vulnerabilities. Windsurf's AI integration exposed developer secrets through memory-persistent exploits and hidden instruction attacks. AWS Kiro enabled arbitrary code execution via indirect prompt injection. Amp Code resolved vulnerabilities including invisible prompt injection and image-based data leaks. OpenHands was found to allow remote code execution and to risk leaking access tokens. The research concluded with AgentHopper, a demonstration of AI virus propagation mechanisms. Multiple vendors issued fixes, including patches for Amp Code's prompt injection and image rendering flaws.