
How Amazon's 'AI mistake' is a basic lesson for every engineer using Gen-AI for coding
The incident is said to have occurred in late June when the hacker submitted a seemingly legitimate update, or 'pull request,' to the public GitHub repository hosting Amazon's Q Developer code. Amazon, like many tech companies, allows external developers to propose improvements to its open-source projects. The malicious update, which included hidden instructions to reset systems to a 'near-factory state,' went undetected and was approved, Bloomberg noted. The hacker exploited the AI's susceptibility to natural-language manipulation, a tactic that blends technical exploits with social engineering.
Amazon distributed the tampered version of Q Developer, putting users at risk of data loss. Fortunately, the hacker minimized the impact to demonstrate the flaw, and Amazon 'quickly mitigated' the issue, according to the company's statement to Bloomberg. However, the breach underscores broader security concerns in AI-driven software development.
Vibe coding may be the way to go, but there is a security tip
Generative AI is transforming coding, enabling developers to save hours by auto-completing code or writing it from natural-language prompts, a trend dubbed 'vibe coding.' Startups like Replit, Lovable, and Figma, valued at $1.2 billion, $1.8 billion, and $12.5 billion respectively by Pitchbook, have capitalized on this, often building on models like OpenAI's ChatGPT or Anthropic's Claude. Yet, vulnerabilities persist. The 2025 State of Application Risk Report by Legit Security, cited in the report, found that 46% of organizations using AI for software development do so in risky ways, with many unaware of where AI is deployed in their systems.
Other incidents reinforce the trend. Lovable, described by Forbes as the fastest-growing software startup, recently left its databases unprotected, exposing user data, Bloomberg noted. Replit, a competitor, discovered the flaw, prompting Lovable to admit on Twitter, 'We're not yet where we want to be in terms of security.'
What should developers do
To mitigate risks, experts suggest instructing AI models to prioritize secure code or mandating human audits of AI-generated code, though this could reduce efficiency, Bloomberg reported. As 'vibe coding' democratizes software development, the security challenges it introduces demand urgent attention to prevent future exploits.