How AI agents can weaponize IDEs
ID: 8856a1b2-f8c5-5af3-9b74-3fff068c3ac4
STIX ID: report--8856a1b2-f8c5-5af3-9b74-3fff068c3ac4
Feed Name: ReversingLabs Blog
**IDEsaster** warns that AI-enabled IDEs and coding assistants can be weaponized, using legitimate IDE features such as tool execution, workspace configuration, agent automation, and prompt injection, to exfiltrate secrets, modify code, and propagate supply-chain attacks. Experts recommend adopting a "Secure for AI" posture (least privilege, prompt integrity, plugin trust models, auditability, human-in-the-loop reviews, and AI-aware SBOMs), though no confirmed real-world exploit is reported yet.
