Orchids Exposes Zero-Click Vulnerability On Desktops

A BBC journalist and researcher Etizaz Mohsin demonstrated in December 2025 that Orchids, a "vibe-coding" AI platform with around one million users, has a desktop-app vulnerability allowing remote, zero-click access to projects and host machines. The exploit allowed viewing and modifying code and altering files without user action; the company did not respond before publication. The finding raises security concerns about AI agents' broad system permissions.
Scoring Rationale
High practical risk and industry relevance, supported by the BBC demonstration but limited by single-source reporting and vendor silence.

