Daily Guardian UAEDaily Guardian UAE
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
What's On

The FCC’s latest crackdown could put more than DJI drones at risk in the US

July 11, 2026

Researchers hid a prompt injection inside a PNG, and AI fell for it

July 11, 2026

AI has already fallen into the wrong hands and they’re using it to make bombs

July 11, 2026

Google’s new Magic Pointer Play Store listing reveals a Gemini shortcut built for Googlebooks

July 11, 2026

You can stop using AI, but this new report says you probably can’t escape it

July 11, 2026
Facebook X (Twitter) Instagram
Finance Pro
Facebook X (Twitter) Instagram
Daily Guardian UAE
Subscribe
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
Daily Guardian UAEDaily Guardian UAE
Home » Researchers hid a prompt injection inside a PNG, and AI fell for it
Technology

Researchers hid a prompt injection inside a PNG, and AI fell for it

By dailyguardian.aeJuly 11, 20263 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

AI coding assistants like Claude are becoming every developer’s favorite coworker. They can review code, explain confusing functions, and even write entire features with a single prompt. But new research suggests that this growing trust could also become their biggest weakness.

A team of security researchers (professor Sudipta Chattopadhyay and researcher Murali Ediga) has demonstrated an unusual attack that doesn’t target the AI model directly. Instead, it targets what the AI doesn’t pay enough attention to during code reviews. Rather than hiding malicious instructions in lines of code, the researchers tucked them inside an image file. Since many AI review tools treat images as decorative assets rather than as something worth inspecting, the pull request can appear perfectly harmless and sail through the review.

The most dangerous file might be the one you’d never open

Imagine receiving a document with a company logo in the corner. You’d probably glance at it and move on. Now imagine that logo secretly contained instructions telling your AI assistant to open your password vault the next time you used it. That’s essentially the idea behind this proof of concept. The trick doesn’t execute immediately after the code is merged, either. It waits until a developer later asks an AI coding assistant to perform a completely unrelated task, such as creating a helper function or adding a new module. By then, the AI has already absorbed the hidden instructions and can unknowingly access sensitive project files before slipping confidential information into the code it generates.

What’s especially worrying is that the stolen data isn’t dumped into the source code in an obvious way. Instead, it’s disguised as ordinary-looking values that blend in with legitimate code, making them far less likely to trigger existing security tools or catch a developer’s eye during a quick review.

It’s not just about which AI you use

The researchers also found that the outcome wasn’t determined by which large language model was being used. In many cases, the same AI model behaved very differently depending on the coding assistant wrapped around it. Some tools blindly followed the hidden instructions, while others recognized something suspicious and refused to continue. That’s an important distinction because it suggests the problem isn’t limited to a particular chatbot. The real challenge lies in how AI-powered coding platforms decide what information to trust and which project files they’re allowed to access.

AI agents

The good news is that the researchers don’t believe this is an impossible problem to solve. They argue that AI review tools need to become “multimodal” in the truest sense — treating images, documentation, configuration files, and other non-code assets with the same level of scrutiny as source code. If an AI can read a picture, it also needs to understand that the picture could be trying to manipulate it. For developers, this is another reminder that AI coding tools still need supervision. They can dramatically speed up software development, but they also open entirely new attack surfaces that didn’t exist before. The next security risk might not be hidden in thousands of lines of code — it could be sitting inside an image that nobody thought was worth opening.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Keep Reading

The FCC’s latest crackdown could put more than DJI drones at risk in the US

AI has already fallen into the wrong hands and they’re using it to make bombs

Google’s new Magic Pointer Play Store listing reveals a Gemini shortcut built for Googlebooks

You can stop using AI, but this new report says you probably can’t escape it

Google may finally ditch Samsung’s modem in the Pixel 11, and Tensor G6 could be better for it

Your YouTube playlists can now become actual TV shows, but there’s a catch you need to know

DuRoBo’s Krono e-reader and it’s page-turning sidekick Moodi are now available globally

Your Google AI Studio apps can finally have polished, presentable web links

LG SIGNATURE DLEX9900S review: A massive, gorgeous dryer with one AI-sized asterisk

Editors Picks

Researchers hid a prompt injection inside a PNG, and AI fell for it

July 11, 2026

AI has already fallen into the wrong hands and they’re using it to make bombs

July 11, 2026

Google’s new Magic Pointer Play Store listing reveals a Gemini shortcut built for Googlebooks

July 11, 2026

You can stop using AI, but this new report says you probably can’t escape it

July 11, 2026

Subscribe to News

Get the latest UAE news and updates directly to your inbox.

Latest Posts

Google may finally ditch Samsung’s modem in the Pixel 11, and Tensor G6 could be better for it

July 11, 2026

Your YouTube playlists can now become actual TV shows, but there’s a catch you need to know

July 11, 2026

DuRoBo’s Krono e-reader and it’s page-turning sidekick Moodi are now available globally

July 11, 2026
Facebook X (Twitter) Pinterest TikTok Instagram
© 2026 Daily Guardian UAE. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.