Incident 1158: Alleged Malicious Wiping Command Found in Amazon Q AI Assistant

Responded
Description: A reported compromise of Amazon's AI coding assistant "Q" allegedly involved the insertion of commands that, if executed, could have wiped local files and potentially affected cloud resources. The altered code was reportedly incorporated into a public release before being detected and removed.
Editor Notes: For more information, see the Amazon security bulletin incident statement at https://aws.amazon.com/security/security-bulletins/AWS-2025-015/ and the SourceForge archive of the compromised release (v1.84.0) at https://sourceforge.net/projects/aws-toolkit-for-vs-code.mirror/files/amazonq_v1.84.0/.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Incident Stats

Incident ID
1158
Report Count
3
Incident Date
2025-07-17
Editors
Daniel Atherton
Loading...
Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant - and devs are worried
zdnet.com · 2025

A while back, my ZDNET colleague David Gewirtz worried that someday AI coding agents could destroy open-source software. That day has come. A hacker managed to plant destructive wiping commands into Amazon's "Q" AI coding agent

This has s…

Loading...
Amazon AI Breach: A Harsh Wake-Up Call for AI Regulation
citizen.org · 2025

WASHINGTON, D.C. --- Amazon's generative AI coding assistant, Amazon Q, was compromised by a hacker who injected malicious code into the tool's GitHub repository. The code instructed the AI to wipe users' systems and cloud resources. Amazon…

Loading...
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
aws.amazon.com · 2025
Amazon Web Services, AWS post-incident response

Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 6:00 PM PDT
Updated Date: 2025/07/25 6:00 PM PDT

Description:

Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that inte…

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Loading...
Game AI System Produces Imbalanced Game

Game AI System Produces Imbalanced Game

· 11 reports
Loading...
Wikipedia Vandalism Prevention Bot Loop

Wikipedia Vandalism Prevention Bot Loop

· 6 reports
Loading...
Microsoft's TayBot Allegedly Posts Racist, Sexist, and Anti-Semitic Content to Twitter

Microsoft's TayBot Allegedly Posts Racist, Sexist, and Anti-Semitic Content to Twitter

· 28 reports
Previous IncidentNext Incident