On December 6, 2025, security researchers, including Ari Marzouk, disclosed over 30 critical vulnerabilities in popular AI-powered development environments and assistants, collectively dubbed "IDEsaster." The flaws affect tools like GitHub Copilot and Cursor and could lead to the leakage of sensitive data (tokens, source code) and Remote Code Execution (RCE) on developers' machines. This event highlights the growing risks associated with integrating AI agent systems into critical processes.
Mass Disclosure of 30+ Vulnerabilities in AI-IDEs ("IDEsaster")
