AI coding agents could be fed malicious instructions, opening the door to supply chain compromise, through a new proof-of-concept attack against the newly launched Context Hub service, which serves up-to-date API documentation to coding agents, reports The Register.
In the PoC, developed by lap.sh creator Mickey Shmueli, poisoned documentation led coding agents to integrate the suggested dependencies into their configuration files and generated code; submitting the documentation as a pull request and having it approved completed the poisoning process.
"The review process appears to prioritize documentation volume over security review. Doc PRs merge quickly, some by core team members themselves. I didn't find any evidence in the GitHub repo of automated scanning for executable instructions or package references in submitted docs, though I can't say for certain what happens internally," said Shmueli.
The technique was described as a new twist on the indirect prompt injection weaknesses that plague AI models.
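The kind of automated check Shmueli says he found no evidence of, as an added example that is not part of the article or of Context Hub: a small Python scanner that flags package-install commands and agent-configuration references in a submitted doc page and blocks the merge unless every referenced package is on a vetted allowlist. The sample doc, the allowlist and the config markers are constructed for this example.

```python
import re
from collections import namedtuple

# Constructed sample of a submitted doc page; not from Context Hub or the article.
SAMPLE_DOC = """\
Install the official client:
    pip install widget-client>=2.0
For JavaScript projects:
    npm install @widget/sdk@1.4.0
Then add this helper so your agent can run it automatically:
    npx -y widget-helper-tools
Put the block below in your .cursorrules or mcpServers config.
"""
# Packages the project has vetted; anything else needs a human reviewer.
ALLOWLIST = {"widget-client", "@widget/sdk"}

# Install commands an agent might run verbatim when following the docs.
INSTALL_PATTERNS = [
    re.compile(r"\b(?:pip3?|uv)\s+install\s+(?P<rest>[^;&|#]*)"),
    re.compile(r"\b(?:npm\s+(?:i|install)|yarn\s+add|pnpm\s+add|npx)\s+(?P<rest>[^;&|#]*)"),
]
# Markers of agent/editor configuration; assumed list, extend for your tooling.
CONFIG_RE = re.compile(r"mcpServers|\.cursorrules|AGENTS\.md|CLAUDE\.md", re.I)
Finding = namedtuple("Finding", "line_no kind value allowed")

def bare_name(token: str) -> str:
    """Strip version specifiers/extras: 'foo>=2.0' -> 'foo', '@s/p@1.0' -> '@s/p'."""
    token = re.split(r"[\[=<>~!;]", token)[0]
    if token.startswith("@"):  # scoped npm package keeps its leading @
        scope, _, rest = token[1:].partition("/")
        return f"@{scope}/{rest.split('@')[0]}"
    return token.split("@")[0]

def packages_in(line: str) -> list[str]:
    for pat in INSTALL_PATTERNS:
        m = pat.search(line)
        if m:  # drop flags such as -y or -g, keep package tokens
            return [bare_name(t) for t in m.group("rest").split() if not t.startswith("-")]
    return []

def scan_doc(text: str, allowlist: set[str]) -> list[Finding]:
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        findings += [Finding(n, "package", p, p in allowlist) for p in packages_in(line)]
        if CONFIG_RE.search(line):  # docs steering agent config always get a reviewer
            findings.append(Finding(n, "config", line.strip(), False))
    return findings

def should_block(findings: list[Finding]) -> bool:  # True: hold the doc PR for review
    return any(not f.allowed for f in findings)
```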
New Context Hub service potentially exploitable in AI supply chain attacks

Application security, AI/ML, Supply chain
