RSAC 2026: Every AI IDE Is Vulnerable - Here's What That Actually Means for Your Workflow

This article was originally published on LucidShark Blog. RSA Conference 2026 is running right now in San Francisco, and the headline finding from the AI security track is blunt: 100% of tested AI coding environments are vulnerable to prompt injection attacks. That includes Claude Code, Cursor, Windsurf, GitHub Copilot, Roo Code, JetBrains Junie, Cline, and every other major tool developers are using to ship code today. Researcher Ari Marzouk disclosed a shared attack chain - Prompt Injection → Agent Tools → Base IDE Features - that results in 24 assigned CVEs and an AWS advisory (AWS-2025-019). The RSAC session "When AI Agents Become Backdoors: The New Era of Client-Side Threats" demonstrates how Cursor, Claude Code, Codex CLI, and Gemini CLI can be transformed into persistent backdoors through this chain. This is not a theoretical concern. It is happening on stage at the most-attended security conference in the world, right now. If your engineering team is shipping AI-generated code