◈ AI Security Intelligence ← All terms
Attack  ·  Glossary

Hardcoded AI instruction file (attack vector)

Definition
AI coding agents (like Claude Code or Cursor) are configured through instruction files stored in project directories, which tell the agent how to behave. Attackers who can place or modify such a file — in a public repository, a compromised dependency, or a shared project — can permanently override the AI agent's behaviour for every developer who clones that project, redirecting its API calls or exfiltrating secrets.
Why it matters
Over 1,230 hardcoded API keys were found in AI instruction files in one research sweep, and a separate finding showed attackers can hijack the AI agent's base URL through these files — turning a trusted developer tool into a data exfiltration channel with no malware required.
Demonstrated by recent findings
Mitiga Skillgate Research — Attacker-Controlled ANTHROPIC_BASE_URL Overrides and 1,230+ Hardcoded API Keys in AI Instruction FilesPoisoned Coding-Assessment Repository — AI Agent Indirect Prompt Injection Exfiltrates Cloud Credentials in Under 2 Minutes
References
OWASP LLM Top 10 — LLM08:2025 Vector and Embedding Weaknesses
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →