Undisclosed addition in jqwik instructed AI coding agents to delete app output
11 hours ago
- #developer ethics
- #prompt injection
- #AI security
- Developer added hidden instructions to jqwik, an open-source Java testing app, to sabotage AI coding agents.
- The instructions were a prompt injection attack causing vulnerable AI agents to delete jqwik tests and code.
- The update included code to conceal the instruction from human reviewers using ANSI escapes in terminals.
- A Java developer questioned the ethics due to the potentially destructive, unqualified nature of the payload.
- Criticism focused on the aggressive effect harming human operators, not the defensive intent behind the action.
- Anthropic's Claude AI flagged the instruction without following it, but other agents might execute it destructively.