New Video: Hacking AI Coding Assistants and IDEs. #bugbounty #ai
Why It Matters
The demonstration shows that current sandboxing can be circumvented to leak sensitive code or data, raising urgent risks for enterprises and cloud IDE providers and underscoring the need for stronger controls, monitoring, and bug-bounty-driven fixes.
Summary
A security researcher explains how sandboxes in AI coding assistants and IDEs—designed to block external network calls without user confirmation—are a key obstacle for attackers but not foolproof. He outlines techniques to bypass these restrictions, including covert DNS-based timing channels that encode data in resolution patterns and chaining benign, unrestricted commands to exfiltrate information. The talk emphasizes mapping every command that can run without confirmation to find creative exfiltration paths. These approaches highlight practical attack vectors against supposedly isolated developer environments.
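A defender can run the same mapping exercise against their own configuration. The sketch below is an added example, not code from the video or from any specific product: it audits a constructed list of auto-approved commands for entries that can resolve names, run arbitrary code, or chain further commands. The allowlist format and both command sets are assumptions to adapt to the tool in use.

```python
import re

# Assumption: tools that can resolve names or open connections. Not exhaustive.
NETWORK_CAPABLE = {"curl", "wget", "nc", "ssh", "scp", "ping",
                   "nslookup", "dig", "host", "getent"}
# Assumption: interpreters and wrappers that can run arbitrary code or commands.
INTERPRETERS = {"sh", "bash", "python", "python3", "node", "perl",
                "ruby", "env", "xargs"}

OPERATOR = re.compile(r"[|;&]+")
# Split on whitespace and shell operators. Quoting is ignored on purpose, so a
# quoted "|" is still reported: an audit should over-report, not under-report.
TOKEN = re.compile(r"[|;&]+|[^\s|;&]+")


def audit_entry(entry):
    """Return the reasons one auto-approved command needs manual review."""
    findings = []
    at_command = True  # True when the next word is a command name
    for tok in TOKEN.findall(entry):
        if OPERATOR.fullmatch(tok):
            findings.append(f"operator '{tok}' chains another command")
            at_command = True
            continue
        if "$(" in tok or "`" in tok:
            findings.append("command substitution runs a nested command")
        if at_command:
            name = tok.rsplit("/", 1)[-1]  # /usr/bin/dig -> dig
            if name in NETWORK_CAPABLE:
                findings.append(f"'{name}' can resolve names or open connections")
            elif name in INTERPRETERS:
                findings.append(f"'{name}' can run arbitrary code or commands")
            at_command = False
    return findings


def audit(allowlist):
    """Map each flagged entry to its findings; clean entries are omitted."""
    report = {entry: audit_entry(entry) for entry in allowlist}
    return {entry: why for entry, why in report.items() if why}


# Constructed sample: commands an assistant may run without confirmation.
ALLOWLIST = ["ls -la", "cat README.md", "ping -c 1 example.com",
             "grep -r TODO . | xargs cat", "echo $(hostname)", "python3 -c"]

if __name__ == "__main__":
    for entry, why in audit(ALLOWLIST).items():
        print(f"{entry!r}: {'; '.join(why)}")
```

Flagged entries are candidates for removal from the no-confirmation list or for pairing with egress and DNS query monitoring on the sandbox host.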