DEV Community

Achin Bansal
Achin Bansal

Posted on • Originally published at gridthegrey.com

Amazon Q VS Code Extension Flaw Enables Cloud Credential Theft via MCP

Forensic Summary

A vulnerability in the Amazon Q Visual Studio Code extension allows adversaries to plant malicious repositories that execute arbitrary code and exfiltrate cloud credentials. The flaw highlights escalating risks associated with Model Context Protocol (MCP) integrations embedded within AI-powered developer tools. This attack vector represents a growing threat surface as AI coding assistants gain privileged access to developer environments and cloud infrastructure.


Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/amazon-q-vs-code-extension-flaw-enables-cloud-credential-theft-via-mcp/

Top comments (0)