Attack vectors include exploiting configuration files, command execution, and self-modifying agents, with specific examples illustrating each vulnerability.

Prompt injection can be conditionally leveraged to target different agents and enable arbitrary code execution.

Mitigation strategies for developers include using passphrases on SSH keys, enabling branch protection, following the principle of least privilege, leveraging sandbox capabilities, and monitoring for widespread infections.

The author emphasizes the importance of increased security testing and awareness as AI and agents become more prevalent.

This project highlights the potential dangers of AI viruses, especially through prompt injection vulnerabilities in AI coding agents.

Several vulnerabilities in popular AI coding tools like GitHub Copilot, Amazon Q, AWS Kiro, and Amp Code have been responsibly disclosed and patched, revealing ongoing security concerns.

AgentHopper demonstrates how a universal prompt injection payload can spread across multiple AI agents and repositories, mimicking a computer virus's infection process.

The increasing threat of AI-driven malware and prompt payloads underscores the need for better security practices and greater vendor accountability.

The infection model begins with the compromise of a developer’s agent, which then injects malicious code into repositories, leading to further infections when other agents process infected code.