Researcher Discloses IDEsaster AI IDE Vulnerabilities
On December 6, 2025, security researcher Ari Marzouk (MaccariTA) disclosed more than 30 vulnerabilities in AI-powered integrated development environments (IDEs). The flaws — dubbed "IDEsaster" — combine prompt-injection primitives with legitimate IDE features to enable data exfiltration and remote code execution, affecting popular IDE integrations and plugins and posing risks to developer workflows and code repositories.
Key Points
- Discloses over 30 vulnerabilities in AI-powered IDEs enabling prompt-injection exploitation.
- Highlights the risk that combining prompt injection with IDE features enables data exfiltration and RCE.
- Advises developers and security teams to audit extensions, sanitize prompts, and apply mitigations.
Scoring Rationale
Broad, actionable vulnerability disclosure affecting multiple popular IDEs, but currently relies on a single researcher's report.
Sources
Public references used for this report.
