Security/ prompt injection · open source · supply chain · ai coding

Open-source Maintainer Hid a Prompt Injection to Wreck AI Coders' Apps

A jqwik contributor embedded hidden instructions that told AI coding agents to delete build output — targeting developers who ship code they haven't read.

Open-source Maintainer Hid a Prompt Injection to Wreck AI Coders' Apps

A developer embedded a hidden prompt injection into jqwik, a Java testing library, designed to make AI coding agents delete application output — an apparent act of sabotage aimed at developers who lean on AI to write and run code without reading it.

The addition was undisclosed: no changelog entry, no public discussion. Jqwik is a property-based testing library for Java; it gets pulled into projects, read by AI coding tools, and trusted without much inspection. Whoever planted the injection banked on that trust. When an AI agent processed the library context containing the crafted text, it would follow the embedded instruction and wipe the app's output. The explicit target was "vibe coders" — developers who prompt AI agents to build, test, and ship code with minimal oversight.

The incident is a proof of concept for a threat the security community has been flagging for two years: prompt injection through the supply chain. AI coding agents don't just execute code — they read it, and anything they read can instruct them. An open-source library with a real install base is a high-leverage insertion point for anyone willing to abuse maintainer access.

This wasn't ransomware or credential theft — it targeted a specific workflow. That makes the next version easier to imagine and considerably harder to detect.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →