coding agent – Experimental News Clipping Site

Simon Willison’s Weblog: Kimi-K2-Instruct-0905

Sep 6, 2025

—

by

Source URL: https://simonwillison.net/2025/Sep/6/kimi-k2-instruct-0905/#atom-everything Source: Simon Willison’s Weblog Title: Kimi-K2-Instruct-0905 Feedly Summary: Kimi-K2-Instruct-0905 New not-quite-MIT licensed model from Chinese Moonshot AI, a follow-up to the highly regarded Kimi-K2 model they released in July. This one is an incremental improvement – I’ve seen it referred to online as “Kimi K-2.1". It scores a little higher on a…

Embrace The Red: Windsurf MCP Integration: Missing Security Controls Put Users at Risk

Aug 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-dangers-lack-of-security-controls-for-mcp-server-tool-invocation/ Source: Embrace The Red Title: Windsurf MCP Integration: Missing Security Controls Put Users at Risk Feedly Summary: Part of my default test cases for coding agents is to check how MCP integration looks like, especially if the agent can be configured to allow setting fine-grained controls for tools. Sometimes there are basic…

Embrace The Red: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data

Aug 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/cline-vulnerable-to-data-exfiltration/ Source: Embrace The Red Title: Cline: Vulnerable To Data Exfiltration And How To Protect Your Data Feedly Summary: Cline is quite a popular AI coding agent, according to the product website it has 2+ million downloads and over 47k stars on GitHub. Unfortunately, Cline is vulnerable to data exfiltration through the rendering…

Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

Simon Willison’s Weblog: DeepSeek 3.1

Aug 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/22/deepseek-31/#atom-everything Source: Simon Willison’s Weblog Title: DeepSeek 3.1 Feedly Summary: DeepSeek 3.1 The latest model from DeepSeek, a 685B monster (like DeepSeek v3 before it) but this time it’s a hybrid reasoning model. DeepSeek claim: DeepSeek-V3.1-Think achieves comparable answer quality to DeepSeek-R1-0528, while responding more quickly. Drew Breunig points out that their benchmarks…

Simon Willison’s Weblog: too many model context protocol servers and LLM allocations on the dance floor

Aug 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/22/too-many-mcps/#atom-everything Source: Simon Willison’s Weblog Title: too many model context protocol servers and LLM allocations on the dance floor Feedly Summary: too many model context protocol servers and LLM allocations on the dance floor Useful reminder from Geoffrey Huntley of the infrequently discussed significant token cost of using MCP. Geoffrey estimate estimates that…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

Embrace The Red: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-interprets-hidden-instructions/ Source: Embrace The Red Title: Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead…

Embrace The Red: Amazon Q Developer: Remote Code Execution with Prompt Injection

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-remote-code-execution/ Source: Embrace The Red Title: Amazon Q Developer: Remote Code Execution with Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that…

Tag: coding agent