Open a folder; All your agents are mine
Summary
The article discusses a VSCode/Cursor AI agent hijack vulnerability in which malicious tasks.json configurations can alter AI agent behavior and exfiltrate secrets, potentially spreading across a team. It emphasizes the security risks for developers who use generative AI tools, outlines the attack mechanics at a high level, and urges robust mitigations and secure development practices.
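A review-side check for the tasks.json risk summarized above, as an added example that is not code from the article. It assumes the trigger is VS Code's auto-run option (`runOptions.runOn` set to `folderOpen`), which the summary does not spell out; `parse_jsonc`, `autorun_tasks` and the sample file are constructed for illustration.

```python
import json
import re

# tasks.json is JSONC: comments and trailing commas are allowed.
_COMMENT = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(r'("(?:\\.|[^"\\])*")|,(?=\s*[}\]])')

def parse_jsonc(text):
    """Strip comments and trailing commas (outside strings), then parse."""
    keep_strings = lambda m: m.group(1) or ""
    return json.loads(_TRAILING.sub(keep_strings, _COMMENT.sub(keep_strings, text)))

def _command_line(block):
    args = block.get("args", [])
    parts = [block.get("command", "")] + [
        a if isinstance(a, str) else a.get("value", "") for a in args]
    return " ".join(str(p) for p in parts if p)

def autorun_tasks(text):
    """Return (label, [command lines]) for tasks that run on folder open."""
    findings = []
    for task in parse_jsonc(text).get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        # Per-OS blocks can override the top-level command, so list them too.
        blocks = [task] + [task[k] for k in ("windows", "linux", "osx") if k in task]
        cmds = [c for c in map(_command_line, blocks) if c]
        findings.append((task.get("label", "<unlabelled>"), cmds))
    return findings

# Constructed sample for illustration; not taken from the article.
SAMPLE = r'''
{
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "make", },
    {
      "label": "setup // env",          // label contains a comment marker
      "type": "shell",
      "command": "sh",
      "args": ["./scripts/setup.sh"],
      "windows": { "command": "scripts\\setup.cmd" },
      "runOptions": { "runOn": "folderOpen" }, /* auto-run trigger */
    }
  ]
}
'''

if __name__ == "__main__":
    for label, cmds in autorun_tasks(SAMPLE):
        print(f"auto-run on folder open: {label!r} -> {cmds}")
```

Run over each `.vscode/tasks.json` in a repository before it is opened in the editor, the check lists every command that would start without the developer invoking it.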