Researchers hide malicious prompts in PNGs to trick AI coding tools
Security researchers have demonstrated a unique prompt injection attack by hiding malicious instructions inside a PNG image file through text embedded in the design or hidden in its metadata. Many AI code review tools treat images as harmless decorative assets, allowing compromised pull requests to pass undetected while the AI automatically scans and absorbs the hidden text. The exploit remains dormant in the AI assistant's context memory until a developer later asks it to perform a completely unrelated task. Once triggered, the AI executes the hidden instructions, accessing sensitive project files and exfiltrating confidential data disguised as ordinary code values. This architecture flaw exposes a critical vulnerability where modern coding platforms blindly trust non-code assets and grant AI models excessive project permissions.