It looks like AI developer assistants will always carry the risk that it is trying to pwn the developer who is using it. This is a great write-up of how one was trained to insert malicious links via the source code it was trained on.

https://arstechnica.com/security/2025/05/researchers-cause-gitlab-ai-developer-assistant-to-turn-safe-code-malicious/

#gitlab #duo #ai #llm #security #vuln