Amazon Kiro IDE Data Exfiltration via Filename Prompt Injection and Kiro Powers Registry Fetching

Affected Vendor(s)

Amazon

Affected Product(s)

Kiro IDE

Summary

The Amazon Kiro IDE is vulnerable to a data exfiltration issue that can be exploited through a prompt injection and abuse of the Kiro Powers features. By crafting a repository containing a directory with prompt injection instructions in its name, an attacker can coerce the application to visit an attacker controlled website while submitting sensitive local file contents.

Timeline

Discovered on
December 11, 2025
Disclosed to Vendor on
December 11, 2025
Published on
January 15, 2026

Credit

Aaron Portnoy

Blog Post

References

Amazon Kiro Website

Learn how Mindgard can help you navigate AI Security

Take the first step towards securing your AI. Book a demo now and we'll reach out to you.

Book a Demo
Protect your AI with Mindgard

Mindgard, the leading provider of Artificial Intelligence security solutions, helps enterprises secure their AI models, agents, and systems across the entire lifecycle. Mindgard’s solution uncovers shadow AI, conducts automated AI red teaming by emulating adversaries, and delivers runtime protection against attacks like prompt injection and agentic manipulation. Trusted by leading organizations in finance, healthcare, and technology, Mindgard is backed by investors including .406 Ventures, IQ Capital, Atlantic Bridge, and Lakestar.

©️ 2026 Mindgard limited
All rights Reserved