Amazon Q Extension Credential Theft via MCP Injection
A vulnerability in the Amazon Q Visual Studio Code extension allows adversaries to plant malicious repositories that execute arbitrary code and exfiltrate cloud credentials. The flaw highlights escalating risks associated with Model Context Protocol (MCP) integrations embedded within AI-powered developer tools. This attack vector represents a growing threat surface as AI coding assistants gain privileged access to developer environments and cloud infrastructure.