Incident 1158: Alleged Malicious Wiping Command Found in Amazon Q AI Assistant

Responded

Description: A reported compromise of Amazon's AI coding assistant "Q" allegedly involved the insertion of commands that, if executed, could have wiped local files and potentially affected cloud resources. The altered code was reportedly incorporated into a public release before being detected and removed.

Editor Notes: For more information, see the Amazon security bulletin incident statement at https://aws.amazon.com/security/security-bulletins/AWS-2025-015/ and the SourceForge archive of the compromised release (v1.84.0) at https://sourceforge.net/projects/aws-toolkit-for-vs-code.mirror/files/amazonq_v1.84.0/.

Tools

New Report New Response DiscoverView History

Entities

View all entities

Alleged: Amazon , Amazon Web Services , AWS , Amazon Q AI coding assistant (AWS Toolkit for Visual Studio Code) , Amazon Q Developer Extension v1.84.0 and GitHub repository for Amazon Q / AWS Toolkit developed and deployed an AI system, which harmed aws tOOLKIT USERS , Amazon Q users and Amazon Web Services (AWS) customers.

Alleged implicated AI systems: Amazon Q AI coding assistant (AWS Toolkit for Visual Studio Code) , Amazon Q Developer Extension v1.84.0 and GitHub repository for Amazon Q / AWS Toolkit

Incident Stats

Incident ID

1158

Report Count

Incident Date

2025-07-17

Editors

Daniel Atherton

Incident Reports

Reports Timeline

Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant - and devs are worried

zdnet.com

Amazon AI Breach: A Harsh Wake-Up Call for AI Regulation

citizen.org

Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)

aws.amazon.com

zdnet.com · 2025

A while back, my ZDNET colleague David Gewirtz worried that someday AI coding agents could destroy open-source software. That day has come. A hacker managed to plant destructive wiping commands into Amazon's "Q" AI coding agent.

This has s…

citizen.org · 2025

WASHINGTON, D.C. --- Amazon's generative AI coding assistant, Amazon Q, was compromised by a hacker who injected malicious code into the tool's GitHub repository. The code instructed the AI to wipe users' systems and cloud resources. Amazon…

aws.amazon.com · 2025

Amazon Web Services, AWS post-incident response

Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 6:00 PM PDT
Updated Date: 2025/07/25 6:00 PM PDT

Description:

Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that inte…

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.

Seen something similar?

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Incident 1158: Alleged Malicious Wiping Command Found in Amazon Q AI Assistant

Tools

Entities

Incident Stats

Incident Reports

Reports Timeline

Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant - and devs are worried

Amazon AI Breach: A Harsh Wake-Up Call for AI Regulation

Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)

Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant - and devs are worried

Amazon AI Breach: A Harsh Wake-Up Call for AI Regulation

Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)

Variants

Similar Incidents

By textual similarity

Game AI System Produces Imbalanced Game

Wikipedia Vandalism Prevention Bot Loop

TayBot

Similar Incidents

By textual similarity

Game AI System Produces Imbalanced Game

Wikipedia Vandalism Prevention Bot Loop

TayBot