Hack to the Future: Owning AI-Powered Tools with Old School Vulns

Black Hat USA 2025 · Day 1 · Briefings

Kudelski Security's research team audited over a dozen AI-powered developer tools — code review agents, data analytics assistants, and AI coding agents — and found vulnerabilities in every single one. The most severe: a RuboCop configuration injection in CodeRabbit (the most-installed AI code review app on GitHub) that yielded the app's private GitHub key, granting write access to over one million repositories, including private ones. Classic vulnerabilities — RCE, SQL injection, privilege escalation, hardcoded credentials — are reappearing at scale inside an entirely new attack surface that most organizations haven't begun to assess.

AI review

Kudelski found RCE in all of them — every single AI dev tool they touched — and the CodeRabbit finding (one RuboCop config, one million repositories, one private key) is the kind of supply chain compromise scenario that keeps CISOs awake. The systemic critique is sharp: these vendors ship RCE-as-a-service and call it a feature.
