The developer of the open source Java testing tool jqwik is currently under fire after incorporating a hidden prompt injection into the software.
The instruction was aimed at coding agents and instructed them to ignore previous instructions and delete all jqwik-related code and tests, Ars Technica reports.
The prompt injection was added to version 1.10.0 of jqwik and was hidden from human users using terminal control codes, so that the message was not visible in certain terminal windows.
The injection was discovered by Java developer Ramon Batllet, who criticized the method on GitHub. In his opinion, developers have the right to restrict the use of their software by AI. However, the use of a potentially destructive instruction, which could lead to users’ work being deleted, is problematic.
Following the criticism, jqwik’s developer updated the release notes to openly disclose the prompt injection. He then declined further comment and stated that he would first consult with lawyers after receiving threats. (mb)
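
The article does not say which control codes were used. As an added example (not code from jqwik or from the article), the Python sketch below flags lines of captured tool output that contain terminal control sequences and renders them visibly, so a reviewer sees the same text that a non-terminal reader such as a coding agent receives. The function names and the sample output are constructed for illustration.

```python
import re

# Escape sequences a terminal interprets instead of displaying.
ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"               # CSI, e.g. colours, erase line
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"    # OSC, e.g. window title
    r"|\x1b[@-Z\\-_]"                        # other two-byte escapes
)
# C0 control bytes except tab and newline (includes ESC, CR, backspace), plus DEL.
CTRL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def make_visible(line: str) -> str:
    """Replace every control byte with a printable <0xNN> marker."""
    return CTRL_RE.sub(lambda m: f"<0x{ord(m.group()):02X}>", line)


def plain_text(text: str) -> str:
    """Text as a non-terminal reader (log file, pipe, agent) receives it,
    with the control sequences themselves removed."""
    return CTRL_RE.sub("", ANSI_RE.sub("", text))


def scan(text: str) -> list[tuple[int, str]]:
    """Return (line number, visible rendering) for each suspicious line."""
    findings = []
    for no, line in enumerate(text.split("\n"), start=1):
        line = line.removesuffix("\r")   # tolerate CRLF line endings
        if CTRL_RE.search(line):         # every ANSI sequence starts with ESC
            findings.append((no, make_visible(line)))
    return findings


# Constructed sample: benign placeholder text wrapped in control codes.
SAMPLE = (
    "Tests passed: 12\n"
    "\x1b[8mconstructed concealed text\x1b[0m\n"
    "first\r\x1b[2Ksecond\n"
)

if __name__ == "__main__":
    for no, shown in scan(SAMPLE):
        print(f"line {no}: {shown}")
    print(plain_text(SAMPLE))
```

Running the scan over build or test output in CI, before that output is handed to an agent, surfaces any line whose on-screen appearance differs from its byte content.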
