2026-06-24, Track 3
AI coding agents have significantly changed the world of code development. As they become smarter, faster, and more skilled, they gain greater autonomy and trust. Is that too good to be true, and might we be dealing with a double-edged sword here? Can attackers turn the capabilities of these AI agents against the agents’ own users? And most importantly: what’s the worst that could happen if you fully trust some random AI agent?
In this talk, I demonstrate how remote attackers exploit vulnerabilities in popular AI coding agents to capture sensitive data and compromise the computers of their users. I conclude with recommendations for users and developers on how to mitigate such attacks.
Ahmad Abolhadid is a senior security analyst at ERNW. He has deep experience in pentesting AI systems, mobile and web applications, and other fields. He develops purpose-built security testing tools and enjoys creating technical trainings to share experience with the community. He holds a Master's degree in Computer and Media Engineering from Hochschule Offenburg, Germany.