Knostic Research: Context Window Poisoning Attacks AI Coding Assistants via Hidden Payloads in Code Comments, Metadata, and Docs
Knostic published research showing that context window poisoning — embedding malicious instructions in code comments, metadata, or documentation — can manipulate AI coding assistants into generating insecure code. The attacker doesn't need chat access; the payload lives in the repository. AI assistants merge IDE files, comments, logs, and extension outputs into context windows, giving attackers multiple invisible entry points. A related arXiv paper (XOXO) demonstrated Cross-Origin Context Poisoning using semantically equivalent code modifications that traditional program analysis cannot detect. Knostic's Kirin tool provides real-time context window inspection to block unsafe instructions before they reach the model.
Source
↳ Follow the thread