IDEsaster research exposes 30+ flaws in EVERY major AI coding IDE
Dec 2025
Security researcher Ari Marzouk discovered over 30 vulnerabilities across AI coding tools including GitHub Copilot, Cursor, Windsurf, Claude Code, Zed, JetBrains Junie, and more. 100% of tested AI IDEs were vulnerable to attack chains combining prompt injection with auto-approved tool calls and legitimate IDE features to achieve data exfiltration and remote code execution.
Incident Details
Perpetrator: AI coding assistants
Severity: Catastrophic
Blast Radius: Millions of developers using AI-powered IDEs exposed to RCE and data exfiltration via universal attack chains
Tech Stack
GitHub Copilot, Cursor, Windsurf, Claude Code, Zed, Roo Code, JetBrains Junie, Cline