Embrace The Red: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph

Aug 17, 2025

—

Source URL: https://embracethered.com/blog/posts/2025/amp-code-fixed-invisible-prompt-injection/
Source: Embrace The Red
Title: Amp Code: Invisible Prompt Injection Fixed by Sourcegraph

Feedly Summary: In this post we will look at Amp, a coding agent from Sourcegraph. The other day we discussed how invisible instructions impact Google Jules.
Turns out that many client applications are vulnerable to these kinds of attacks when they use models that support invisible instructions, like Claude.
Invisible Unicode Tag Characters Interpreted as Instructions We have talked about hidden prompt injections quite a bit in the past, and so I’m keeping this short.

AI Summary and Description: Yes

Summary: The text discusses vulnerabilities in client applications utilizing AI models that support invisible instructions, specifically pointing out how these can lead to security risks like hidden prompt injections. This is highly relevant for professionals working in AI security and information security, as it underscores a potential attack vector within AI-powered systems.

Detailed Description: The provided content highlights an emerging concern in AI security, specifically related to how certain models may be exploited through invisible instructions. This becomes particularly significant as businesses increasingly adopt AI technologies. Here are the key points of discussion:

* **Amp from Sourcegraph**: A coding agent that is possibly linked to discussions around coding practices and security within AI development.
* **Vulnerability Awareness**: The mention of “invisible instructions” implies a flaw in how certain AI models interpret data, which poses a risk to applications that rely on these technologies.
* **Hidden Prompt Injections**: The text references previous discussions on hidden prompt injections, indicating a continued concern regarding how subtle manipulations can lead to unauthorized control or malicious outputs.
* **Implications for Security**:
– Organizations need to be vigilant about the types of inputs their AI systems accept.
– There may be a need for enhanced validation and filtering mechanisms to prevent such attacks.
– Encourages further investigation and understanding of invisible Unicode characters and their potential use in crafting malicious prompts.

Overall, these insights are crucial for security professionals focused on mitigating risks associated with generative AI frameworks, while also emphasizing the need for ongoing vigilance against emerging threats in AI security.

2 2025 5 a Act age agent AI AI development AI frameworks ai model AI models AI security AI systems AI technologies All and app Application applications art as at ated attack attack vector attacks aware awareness Bi business by C CERN CI CIA Claude client co code coding coding agent coding practices content control core D data day de development e emerging emerging threats ERP event exp exploit filtering focused for framework frameworks g Gen generative Generative AI Go Google Google Jules graph H hidden prompt injections high Highlight HR http HTTPS ICO impact implications implications for security in information information security injection injections insights instruction inter interpret investigation invisible instructions io ite J k keeping Key l Lance law led Li Link linked M man manipulation mitigating risks Mode model models N NGO no NPU o of on ons OPM opt organization organizations oS oss other out output Outputs over point post potential Power powered practices pre pro professionals prompt prompt injections prompt-injection prompts ps Q R rag RCE re red Risk risks Ro s sec security security professionals security risk security risks short Sig SoC source Sourcegraph specific SSE SSO STIG support system systems T tech technologies ted text the threat threats to Tor TP turn type UI under Unicode unicode characters up US use uth V val Valid Validation vigilance vulnerabilities vulnerability vulnerability awareness Ware Wi x z