A recent investigation has uncovered over thirty security vulnerabilities in AI-integrated development tools, termed an 'IDEsaster' due to the risks of data theft and remote code execution (RCE). The research, led by Ari Marzouk, highlights that every major AI-assisted integrated development environment (IDE) tested—including Visual Studio Code, JetBrains products, and various commercial assistants—exhibited these vulnerabilities. Notably, all products assessed, such as GitHub Copilot and Cursor, were found to be susceptible, with at least twenty-four assigned CVEs. The vulnerabilities stem from the way AI agents interact with existing IDE features that were not designed for autonomous operations. Traditional IDE functionalities are now being exploited, allowing attackers to manipulate these tools into leaking sensitive information or executing malicious code. The attack chain often begins with prompt injection, where hidden instructions are inserted into files or outputs from compromised servers. This manipulation can lead to significant breaches, like an IDE fetching a remote schema and inadvertently leaking sensitive data. Specific examples illustrate the severity of these flaws. In one case, a JSON file's reference to a remote schema prompted the IDE to extract and leak sensitive parameters. In another, altering an executable file's settings enabled an attacker to execute arbitrary code simply by opening or creating specific file types. The report suggests that current IDEs were not built with security in mind for AI operations, meaning that while some mitigations are available for developers, a fundamental redesign of IDEs is necessary to address these vulnerabilities effectively.