Cross-industryIdentity & Access DriftCode AssistantMedium

Amazon Q Developer VS Code extension compromised by malicious wiper prompt

A compromised GitHub token allowed a threat actor to commit malicious code into Amazon Q Developer for VS Code version 1.84.0. The payload contained a wiper prompt, but a syntax error prevented it from executing. AWS revoked the token and issued a remediation release (v1.85.0).

Amazon (AWS) · Incident Jul 23, 2025 · Indexed Jun 5, 2026 · 3 sources

A syntax error prevented the execution of a malicious wiper prompt injected via a compromised build token.

Key facts

What
A compromised GitHub token allowed a threat actor to commit malicious code into Amazon Q Developer for VS Code version 1.84.0.
Incident date
Jul 23, 2025
Who
Amazon (AWS)
Failure mode
Identity & Access Drift
AI surface
Code Assistant
Severity
Medium

What happened

An inappropriately scoped GitHub token in a CodeBuild configuration allowed a threat actor to commit malicious code into the Amazon Q Developer for VS Code extension. This code was distributed with version 1.84.0. AWS revoked the token and released version 1.85.0 to remediate the issue.

What broke inside the model

Failure path · mode profile · Identity & Access Drift
  1. 01 · TriggerAn agent operates with granted credentials.
  2. 02 · Model stepIt reaches for scope it was never assigned.
  3. 03 · Control gapNo runtime check binds it to its role.
  4. 04 · FailureThe agent acts outside its authority.
  5. 05 · ConsequencePrivileged actions run with no oversight.

The agent's actions drift outside the scope it was granted.

The failure was a supply chain compromise where an insecure build token granted unauthorized commit access. The attacker attempted to deploy a wiper prompt targeting local and cloud environments. A syntax error in the malicious code ultimately blocked its execution.

What it cost

Public visibilityHigh
Regulatory exposureNone
Customer impactFew customers
Financial impactUnknown
Time to disclosureWeeks

Sources

  1. PrimarySecurity Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)aws.amazon.com
  2. PressAmazon Q extension for VS Code reportedly injected with 'wiper prompt'scworld.com
  3. PressWhen AI Assistants Turn Against You: The Amazon Q Security Wake Up Calldevops.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/amazon-developer-code-extension-compromised-malicious
CitationAI Failure Index. "Amazon Q Developer VS Code extension compromised by malicious wiper prompt" (FI-0239). Realm Labs. https://failureindex.ai/failures/amazon-developer-code-extension-compromised-malicious (indexed Jun 5, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0239. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • OmniGuard
  • AgentRealm

Realm can bind an agent's actions to the identity and scope it was assigned and flag the moment it reaches for access beyond its task, so inherited or discovered permissions do not quietly become a destructive action.

Book a Demo

Related failures

Other records that share this failure mode (Identity & Access Drift) or industry (Cross-industry).

FI-0501Cross-industryMedium
Hallucination

KPMG pulls AI report after organizations dispute claims

KPMG withdrew its "Total Experience: Redefining Excellence in the Age of Agentic AI" report after several organizations stated the claims about their AI usage were untrue. Research by GPTZero revealed that the majority of the report's citations were AI-generated hallucinations.

Confidence
High (multi-source, primary)
KPMG3 sourcesPrimaryPublicJun 2026
FI-0576Cross-industryMedium
Brand & Safety Incident

Reddit ads used deepfake news and cloned sites to promote AI investment scams

Reddit failed to prevent a series of sponsored ads that used deepfakes and cloned websites to impersonate news outlets like the BBC and The Guardian. These ads promoted fraudulent AI investment platforms, targeting users in the US and Europe.

Confidence
High (multi-source, primary)
Reddit3 sourcesPrimaryPublicJun 2026
FI-0502Cross-industryMedium
Hallucination

EY retracts loyalty rewards report after AI hallucinations and fake footnotes discovered

EY withdrew a cybersecurity report on loyalty rewards programs after researchers found it contained fabricated data and non-existent citations. The report was used by EY Canada for marketing purposes but was retracted once the AI-generated errors were exposed.

Confidence
Medium (multi-source)
EY3 sourcesPressPublicMay 2026