Prompt-Jacking: The Rise of a New Supply Chain Risk

AI coding assistants are rapidly becoming part of every developer’s workflow, but what happens when the very tools meant to help are turned against you?

In this session, we’ll walk through real vulnerabilities we uncovered in Cursor, including arbitrary code execution and data exfiltration, showing how attackers can compromise developers through nothing more than hidden text in a codebase. We’ll then expose the invisible attack vectors unique to agentic AI, where malicious prompts silently shape behavior and propagate through codebases like a supply chain infection. Finally, we’ll share practical strategies developers and organizations can use today to defend against prompt-jacking and secure the future of AI-assisted development.

Kenneth Yeung

Kenneth Yeung is a Senior Security Researcher at HiddenLayer, specializing in adversarial machine learning and AI security. He is known for identifying LLM vulnerabilities in AI systems like Google Gemini, has been featured in publications like Forbes and DarkReading, and has spoken at conferences such as OWASP Global AppSec. Kenneth is a top finisher in global AI security competitions such as HackAPrompt 2023 and Dreadnode's Man vs Machine CTF, and is actively researching the defense of generative AI models.

Kasimir Schulz

Kasimir Schulz, Director of Security Research at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in Forbes, BleepingComputer, and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.

NDC { AI }

Prompt-Jacking: The Rise of a New Supply Chain Risk

Kenneth Yeung

Kasimir Schulz