Key Findings Over 30 security vulnerabilities have been disclosed in various AI-powered Integrated Development Environments (IDEs) The vulnerabilities combine prompt injection primitives with legitimate IDE features to achieve data exfiltration and remote code execution The security issues have been collectively named "IDEsaster" by security researcher Ari Marzouk (MaccariTA) The vulnerabilities affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Cop
