NVIDIA Report Highlights Remote Code Execution Risks in Agentic AI Coding Tools

NVIDIA’s AI Red Team has released a report detailing vulnerabilities in agentic AI coding tools, such as GitHub Copilot and OpenAI Codex, which can be exploited to achieve remote code execution (RCE). The report, presented at Black Hat USA in August 2025 and published on October 9, 2025, underscores the growing risks associated with the automation of coding tasks using AI assistants.

The research reveals that attackers can manipulate these tools by injecting malicious instructions into untrusted data sources like GitHub issues or pull requests. This technique, known as indirect prompt injection, allows attackers to control the actions of AI agents and execute arbitrary code on developer machines.

How the Attack Works

The attack process involves three main steps:

Planting malicious instructions in GitHub issues or pull requests.
Creating seemingly harmless Python packages with hidden payloads.
Tricking the AI agent into installing these packages, leading to RCE.

This method exploits the trust that AI agents place in data sources, making it possible for attackers to bypass security measures and gain unauthorized access to systems.

Mitigation Strategies

To prevent such attacks, the report recommends several mitigation strategies:

Restricting the autonomy of agentic applications.
Enforcing human-in-the-loop approval for sensitive commands.
Isolating fully autonomous agents from sensitive tools and information.
Using tools like NVIDIA’s LLM vulnerability scanner garak and NeMo Guardrails to harden LLMs against prompt injection.

The researchers emphasize adopting an "assume prompt injection" approach when designing or evaluating agentic applications. Enterprise controls are also available for tools like Cursor to disable auto-run or limit its impact.

Implications for Developers and Enterprises

The report concludes that while agentic coding workflows have significantly enhanced development efficiency, developers and enterprises must understand the potential risks and implement mitigation strategies. As AI tools become more integrated into development environments, securing these tools against emerging threats will be critical to maintaining trust and security.

The report serves as a call to action for the industry to prioritize security in the design and deployment of AI coding tools. By adopting best practices and leveraging advanced security tools, developers can continue to harness the benefits of AI while minimizing vulnerabilities.