A new security study has revealed a worrying vulnerability in AI-powered programming tools, after researchers successfully concealed malicious instructions inside a PNG image, which an AI-powered programming assistant treated as legitimate commands, even though the image appeared completely normal.

The experiment highlights a new type of attack known as Prompt Injection, which targets the way AI models interpret different files, not the model itself.

Hidden instructions inside an image

The experiment was conducted by Professor Sudipta Chattopadhyay and researcher Moradi Iedija, who hid malicious instructions inside an image file attached to a pull request.

Since many AI-powered code review tools treat images as decorative elements not worthy of close inspection, the image passed without raising any suspicion, while the AI was able to read the embedded instructions, according to a report published by digitaltrends and seen by Al Arabiya Business.

The attack does not activate immediately

The striking aspect of this method is that the attack is not triggered immediately after the code changes are accepted.

Instead, it waits until the developer later uses an AI programming assistant to perform a completely different task, such as creating a new function or adding a module.

By then, the assistant has absorbed the hidden instructions inside the image and may, without the user's knowledge, begin accessing sensitive files within the project, then merge confidential data into the code it generates.

Smartly hiding stolen data

The stolen information is not inserted clearly into the code but is hidden as seemingly normal values or variables, making it harder to detect by both developers and traditional security scanning tools.

The problem is not with the AI model

The study showed that the attack's success does not depend on the AI model used, but on the software tool that employs it.

In some cases, programming tools automatically responded to the hidden instructions, while other tools detected the suspicious behavior and refused to execute the commands.

This indicates that the risk is not tied to a specific chatbot, but to the way AI-powered programming platforms determine which files can be trusted, and whether they are allowed to access various project contents.

How can this risk be reduced?

The researchers believe that the solution lies in developing code review tools to become truly multimodal, so that they treat images, documents, configuration files, and other non-code files with the same level of scrutiny applied to source code.

If AI is capable of reading images, it should also be capable of recognizing that these images may contain instructions intended to manipulate it.

A warning for developers

The study confirms that AI-powered programming tools can greatly accelerate software development, but at the same time open the door to new attack methods that did not exist before.

Therefore, the researchers emphasize that fully relying on these tools without human oversight could pose a risk, because the next threat may not be hidden among thousands of lines of code, but inside a simple image that no one thought to examine.

Advertisement

Advertisement