A recent security breach involving a popular AI coding platform, Orchids, allowed a hacker to remotely take over a BBC journalist’s laptop without any user interaction, exploiting a vulnerability in the tool. This “vibe-coding” software enables users to create apps by typing commands into a chatbot, but it introduced a silent backdoor. Cybersecurity researcher Etizaz Mohsin demonstrated this flaw by making a minor alteration to the AI-generated code, gaining access within seconds, and displaying a message: “you are hacked.” Unlike typical cyberattacks requiring user actions, this zero-click takeover occurred through trusted AI processes. Experts caution that while these tools offer efficiency, they also increase the risk of undetected vulnerabilities spreading across projects. Users are advised to run AI tools on separate devices, use disposable accounts, and scrutinize permissions to mitigate risks. As the AI coding trend continues, enhancing security measures becomes crucial to safeguard user systems.
Source link
