RSAC 2026: Every AI IDE Is Vulnerable - Here's What That Actually Means for Your Workflow

This article was originally published on LucidShark Blog . RSA Conference 2026 is running right now in San Francisco, and the headline finding from the AI security track is blunt: 100% of tested AI coding environments are vulnerable to prompt injection attacks . That includes Claude Code, Cursor, Windsurf, GitHub Copilot, Roo Code, JetBrains Junie, Cline, and every other major tool developers are using to ship code today. Researcher Ari Marzouk disclosed a shared attack chain - Prompt Injection → Agent Tools → Base IDE Features - that results in 24 assigned CVEs and an AWS advisory (AWS-2025-019). The RSAC session "When AI Agents Become Backdoors: The New Era of Client-Side Threats" demonstrates how Cursor, Claude Code, Codex CLI, and Gemini CLI can be transformed into persistent backdoors through this chain. This is not a theoretical concern. It is happening on stage at the most-attended security conference in the world, right now. If your engineering team is shipping AI-generated cod