A significant cyber-security vulnerability has been identified in the AI coding platform Orchids, which boasts around one million users and is utilized by major corporations including Google, Uber, and Amazon. This platform, designed for users without technical skills to create apps and games through text prompts, has drawn attention due to its susceptibility to hacking.
Cyber-security researcher Etizaz Mohsin showcased the platform's security flaws by gaining unauthorized access to a project and manipulating its code. Without the user's knowledge, he inserted a line of code that altered the desktop environment, demonstrating how easily hackers could infiltrate systems using Orchids. Such vulnerabilities raise concerns about the potential for malicious actors to steal sensitive information or install harmful software without user interaction.
This incident highlights the growing risks associated with the convenience provided by AI tools, as experts caution against granting these platforms extensive access to personal computers. Despite multiple requests for comment, Orchids has not responded regarding the security issues.