A hidden prompt inside an ordinary image file was enough to hijack an AI coding assistant.
Security researchers found they could embed a prompt injection attack directly inside a PNG image. When an AI coding assistant processed the image, it followed the hidden instructions rather than the user's, potentially exposing sensitive data in the process. The technique exploits how multimodal AI systems parse visual input — the model reads text encoded in the image as a legitimate instruction. No malicious executable, no obvious red flag.
This matters because AI coding assistants now sit inside developer workflows with access to codebases, environment variables, and credentials. An attack that looks like a harmless screenshot or design mockup is far harder to screen than a suspicious script. Developers tend to trust visual inputs in a way they would not trust an unknown code file.
Prompt injection is not new — researchers have demonstrated text-based variants for years — but extending the attack surface to image files raises the ceiling on what an attacker can sneak past a distracted developer. Until AI toolmakers build reliable input sanitization across every modality, the safest assumption is that any model input is a potential attack vector.