Associated Incidents
WASHINGTON, D.C. --- Amazon's generative AI coding assistant, Amazon Q, was compromised by a hacker who injected malicious code into the tool's GitHub repository. The code instructed the AI to wipe users' systems and cloud resources. Amazon unknowingly included the exploit in a public release downloaded nearly a million times. The hacker claims they were granted admin access with ease and used the incident to expose Amazon's lax security practices. The breach highlights growing risks as hackers increasingly target AI tools to gain access to sensitive systems.
J.B. Branch, Big Tech accountability advocate at Public Citizen, issued the following statement in response:
"This is exactly why we need enforceable rules before AI products hit the market. Amazon shipped a product with embedded commands to wipe user data---because they lacked the most basic guardrails and oversight. Regulatory and liability standards may have enabled this breach to have been caught before release."
"Big Tech keeps asking the public to trust them, but time and again they prove why that trust is misplaced. AI products are being rushed to market with minimal safety checks, and only profits on the mind. We need mandatory safety reviews, independent audits, and public accountability. Congress can't keep shrugging at Silicon Valley's blatant AI liabilities--the next AI hack could take down entire systems."