Anthropic had reportedly declined to fix the prompt injection vector, saying, “After reviewing your report, we have been unable to determine any security influence. As such, this has been marked as Not Relevant.” Anthropic did not immediately respond to CSO’s request for comment.
The author, who uses the alias “WunderWuzzi” for the blog, noted that developers building on top of Claude, Amazon Q included, must block these attacks on their own. Most models still parse invisible prompt injection, except OpenAI’s, which has tackled the issue directly at the model/API layer.
By August 8, 2025, AWS reported the vulnerability resolved, the author said in the blog. However, “no public advisory or CVE can be issued,” so users should make sure they are running the latest version of Amazon Q Developer for security.
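One way an application built on a model could filter invisible characters out of input before it reaches the model, which is the blocking the author says developers must do themselves. This is an added example, not code from the blog, AWS or Anthropic; it assumes the invisible text is carried by Unicode Tags-block and other format (Cf) code points, which the article does not spell out, and the function names and sample string are constructed for illustration.

```python
import unicodedata

# Assumption: "invisible" input is carried by code points that most UIs do not
# render: the Unicode Tags block (U+E0000..U+E007F) and other format (Cf) chars.
TAG_FIRST, TAG_LAST = 0xE0000, 0xE007F


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    return TAG_FIRST <= cp <= TAG_LAST or unicodedata.category(ch) == "Cf"


def decode_tag(ch: str) -> str:
    """Tag chars U+E0020..U+E007E mirror printable ASCII; recover it for logging."""
    cp = ord(ch)
    return chr(cp - 0xE0000) if 0xE0020 <= cp <= 0xE007E else ""


def sanitize_prompt(text: str):
    """Return (clean_text, hidden_ascii, removed_count).

    clean_text is what should be forwarded to the model; hidden_ascii is the
    readable form of any Tags-block content, for alerting and review.
    Caveat: Cf also covers joiners (U+200C/U+200D) that some scripts and emoji
    need, so a multilingual product may want an allow-list for those.
    """
    clean, hidden, removed = [], [], 0
    for ch in text:
        if is_invisible(ch):
            removed += 1
            hidden.append(decode_tag(ch))
        else:
            clean.append(ch)
    return "".join(clean), "".join(hidden), removed


# Constructed sample: visible text followed by two tag characters and a
# zero-width space, none of which a typical editor or chat UI displays.
SAMPLE = "Summarize this file.\U000E0068\U000E0069\u200b"

if __name__ == "__main__":
    clean, hidden, removed = sanitize_prompt(SAMPLE)
    print(f"forwarded={clean!r} hidden={hidden!r} removed={removed}")
    if hidden:
        print("alert: input carried hidden Tags-block text; review before use")
```

A non-empty `hidden_ascii` is a strong signal that the input was crafted, so rejecting or flagging the request is usually a better response than silently forwarding the cleaned text.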



