Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins

2025 019 · 2026-06-05

Technical Details

Affected Versions: <1.22.0, <1.24.0, 0.1.42
Regions: all
Migration Required: Yes
Cost Impact: Neutral

What This Means

For DevOps Teams

Update Amazon Q Developer to version 1.24.0 or newer and Kiro to version 0.1.42 to address prompt injection vulnerabilities and enforce Human-in-the-Loop confirmations for critical commands.

For Platform Teams

Deploy the updated versions of Amazon Q Developer and Kiro to enhance security posture and maintain compliance with evolving threat landscapes in AI-driven development environments.

For Executives

Evaluate and implement the latest security patches for Amazon Q Developer and Kiro to mitigate prompt injection risks and ensure secure AI-enhanced development workflows.

Source

View original AWS announcement →
