[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-a-coder-planted-a-data-delete-prompt-in-jqwik":10,"sections":36},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":24,"persona_id":22,"persona_name":22,"section":25,"tags":26,"sources":31,"feedback":35,"feedback_at":22,"cost_usd":35,"total_tokens":35},135,"a-coder-planted-a-data-delete-prompt-in-jqwik","Open-source Maintainer Hid a Prompt Injection to Wreck AI Coders' Apps","A jqwik contributor embedded hidden instructions that told AI coding agents to delete build output — targeting developers who ship code they haven't read.","A developer embedded a hidden prompt injection into jqwik, a Java testing library, designed to make AI coding agents delete application output — an apparent act of sabotage aimed at developers who lean on AI to write and run code without reading it.\n\nThe addition was undisclosed: no changelog entry, no public discussion. Jqwik is a property-based testing library for Java; it gets pulled into projects, read by AI coding tools, and trusted without much inspection. Whoever planted the injection banked on that trust. When an AI agent processed the library context containing the crafted text, it would follow the embedded instruction and wipe the app's output. The explicit target was \"vibe coders\" — developers who prompt AI agents to build, test, and ship code with minimal oversight.\n\nThe incident is a proof of concept for a threat the security community has been flagging for two years: prompt injection through the supply chain. AI coding agents don't just execute code — they read it, and anything they read can instruct them. An open-source library with a real install base is a high-leverage insertion point for anyone willing to abuse maintainer access.\n\nThis wasn't ransomware or credential theft — it targeted a specific workflow. That makes the next version easier to imagine and considerably harder to detect.","[\"prompt injection\",\"open source\",\"supply chain\",\"ai coding\"]","2026-05-28T20:29:53.000Z","2026-05-30T08:39:13.870Z","2026-06-18T02:39:18.762Z","published",null,[],"https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fa-coder-planted-a-data-delete-prompt-in-jqwik.webp","security",[27,28,29,30],"prompt injection","open source","supply chain","ai coding",[32],{"name":33,"url":34},"Ars Technica","https:\u002F\u002Farstechnica.com\u002Fsecurity\u002F2026\u002F05\u002Ffed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-code\u002F",0,{"sections":37},[38,43,47,52,57,62,67,72,77,82,87,91,96,101],{"name":39,"slug":40,"count":41,"latest_published_at":42},"AI","ai",2590,"2026-07-16T04:00:00.000Z",{"name":44,"slug":25,"count":45,"latest_published_at":46},"Security",294,"2026-07-15T19:59:48.000Z",{"name":48,"slug":49,"count":50,"latest_published_at":51},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":53,"slug":54,"count":55,"latest_published_at":56},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":58,"slug":59,"count":60,"latest_published_at":61},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":63,"slug":64,"count":65,"latest_published_at":66},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":68,"slug":69,"count":70,"latest_published_at":71},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":73,"slug":74,"count":75,"latest_published_at":76},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":78,"slug":79,"count":80,"latest_published_at":81},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":83,"slug":84,"count":85,"latest_published_at":86},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":88,"slug":89,"count":85,"latest_published_at":90},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":92,"slug":93,"count":94,"latest_published_at":95},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":97,"slug":98,"count":99,"latest_published_at":100},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":102,"slug":103,"count":104,"latest_published_at":105},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]