Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents
This talk demonstrates end-to-end prompt injection exploits that compromise agentic systems. Specifically, we will discuss exploits that target computer-use and coding agents, such as Anthropic’s Claude Code, GitHub Copilot, Google Jules, Devin AI, Amazon Q, AWS Kiro, and others. During the Month of AI Bugs (August 2025), I responsibly disclosed over two dozen security vulnerabilities across all major agentic AI coding assistants. This talk distills the most severe findings and patterns observed.
Almost all of these are scary but so easy to implement. Even if most vulnerabilities mentioned here have been patched, the AI soil is rich for so many more to be harvested.