🚨 We just gave our IDE:
workspace read/write 🗂️
a terminal 🧨
“fetch the internet” 🌐
…and we’re acting shocked the internet is trying to talk it into crime.
GitHub’s own VS Code research lays out the ugly path: indirect prompt injection → agent tool use → token/file exposure (and sometimes worse). VS Code docs now even include knobs for tool auto-approval + terminal sandboxing (which is a very polite way of saying: “yeah… people will click ‘yes’ eventually.”)
So I wrote a Forecast Card: 24% odds that by 2026-12-31 we get a publicly confirmed Fortune 500 intrusion chain where prompt injection + base IDE agent features lead to command execution or secret exfil.
Open question: Would your current dev workflow even detect “agent ran it” vs “developer ran it”? 👀
Read + subscribe: https://blog.alphahunt.io/forecast-fortune-500s-will-prompt-injection-trick-ide-agent-mode-into-running-commands-or-leaking-secrets-by-2026
#AlphaHunt #PromptInjection #AppSec #DevSecOps #AIAgents
Congratulations—you hired an intern who believes everything it reads.