AI Coding Agents Have a Dirty Secret

Go to https://piavpn.com/godago to get 83% off from our sponsor Private Internet Access with 4 months free! Security researcher Ari “MaccariTA” Marzouk discovered 30+ vulnerabilities (CVEs) in EVERY major AI coding tool and named it IDEsaster . Cursor, Claude Code, GitHub Copilot, Windsurf, Antigravity, VS Code, JetBrains with Junie, Gemini CLI - all of them. 1.8 million developers at risk. 🔥 AND now Clawdbot/Moltbot/OpenClaw fiasco is happening. I hope you all stay safe! In this video I explain what prompt injection is, why "vibe coding" can be dangerous if you blindly trust AI, and exactly how to protect yourself. I also include a prompt to use for checking your AI Coding Tools. 📖 VIDEO RESOURCES & LINKS: Prompt to check Your AI IDEs: https://github.com/godagoo/ide-security-audit IDEsaster Research (30+ CVEs): https://maccarita.com/posts/idesaster/ Claude Code 8 Attack Methods: https://flatt.tech/research/posts/pwning-claude-code-in-8-different-ways/ MCPoison Attack (Cursor): https://research.checkpoint.com/2025/cursor-vulnerability-mcpoison/ CurXecute (CVE-2025-54135): https://www.bleepingcomputer.com/news/security/ai-powered-cursor-ide-vulnerable-to-prompt-injection-attacks/ Rules File Backdoor: https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html Vibe Coding Study (69 vulnerabilities): https://blog.tenzai.com/bad-vibes-comparing-the-secure-coding-capabilities-of-popular-coding-agents/ ⏱️ TIMESTAMPS 0:00 30 CVEs Found in AI Tools 0:30 Why This Shouldn't Surprise You 1:30 "Your AI Clicks Links For You" 2:30 Prompt Injection Explained 3:30 First Line of Defense (PIA VPN) 4:30 I Checked My Own Tools 5:30 3 Attack Categories 7:00 4 Ways to Protect Yourself 8:30 The Bigger Picture 10:00 Keep Building 🎖️ CREDIT This video is based on the "IDEsaster" research by Ari Marzuk (@ari_maccarita). His work uncovered 30+ vulnerabilities, resulting in 24 CVEs and an AWS security advisory. 100% of tested tools were vulnerable. → Full research: https://maccarita.com/posts/idesaster/ → Follow Ari: https://x.com/ari_maccarita Affected AI Coding IDEs: Cursor, Claude Code, GitHub Copilot, VS Code, Windsurf, Antigravity, JetBrains + Junie, Gemini CLI, Cline, Roo Code, Continue, Zed #AIcoding #cursor #claudecode #githubcopilot #vibecoding #aisecurity #promptinjection #cybersecurity #codingtools #developersecurity #aitools #windsurf #copilot #vscode #jetbrains #cve #hacking #codingtips #aiprogramming #aiassistant #vpn #privateinternetaccess #pia