Trae IDE OpenPreview Data Exfiltration

Affected Vendor(s)

Trae

Affected Product(s)

Trae IDE

Summary

Trae IDE can expose developer secrets. A malicious repository can use .trae/rules/project_rules.md to make the agent read .env files and send API keys externally via OpenPreview.

Timeline

Discovered on
December 17, 2025
Disclosed to Vendor on
December 17, 2025
Published on
June 22, 2026

Credit

Aaron Portnoy

Blog Post

The Growing Risk of AI IDEs as a Breach Vectorblog icon

References

Start Securing Your AI Systems

See how Mindgard exposes and fixes exploitable AI risk across your AI agents and systems.

Book a Demo

Mindgard, the leading provider of AI security solutions, helps enterprises discover, assess, and defend their AI systems. Spun out from over a decade of AI security research at Lancaster University and headquartered in Boston and London, Mindgard combines AI red teaming with offensive security expertise and AI research to identify exploitable vulnerabilities in AI models, agents, and applications before attackers do.

AICPA SOC SOC 2 Type 2 Compliant