AWS has identified prompt injection vulnerabilities in Amazon Q Developer and Kiro, detailed in recent blog posts. These issues could allow for remote code execution and secret exfiltration. For Amazon Q Developer, specific versions were susceptible to commands executed without human confirmation, including those with invisible characters. Updates to Language Server versions 1.22.0 and 1.24.0 introduced Human-in-the-Loop (HITL) confirmation for these commands. Another vulnerability allowed secrets to be leaked via DNS requests through prompt-injected suggestions. AWS Kiro also had a vulnerability enabling arbitrary code execution through injected instructions. Kiro version 0.1.42 was affected, with updates now requiring HITL confirmation for certain actions. Amazon Q Developer and Kiro are designed with agentic development principles to boost efficiency. AWS advises customers to assess and implement security controls based on their environment and the shared responsibility model. Safeguards like HITL and customizable execution policies are in place to support secure adoption.