IBM's AI Tool 'Bob' Vulnerable to Malware Manipulation

IBM's AI tool 'Bob' is at risk of indirect prompt injection attacks, potentially allowing malware execution under specific conditions.

Published Jan 9, 2026
  • IBM’s GenAI tool “Bob” is vulnerable to indirect prompt injection attacks in beta testing
  • CLI faces prompt injection risks; IDE exposed to AI-specific data exfiltration vectors
  • Exploitation requires “always allow” permissions, enabling arbitrary shell scripts and malware deployment

IBM’s Generative Artificial Intelligence (GenAI) tool, Bob, is susceptible to indirect prompt injection, a common vulnerability among similar tools.

Indirect prompt injection occurs when the AI tool accesses content from other applications, such as emails or calendar entries.

A malicious actor can send a seemingly harmless email or calendar entry containing a hidden prompt that instructs the tool to perform harmful actions, including data exfiltration, downloading and executing malware, or establishing persistence.

Risky Permissions

Recently, security researchers from PromptArmor released a report indicating that IBM’s coding agent, currently in beta, can be accessed via a CLI (a terminal-based coding agent) or an IDE (an AI-powered editor). The CLI is vulnerable to prompt injection, while the IDE is at risk from known AI-specific data exfiltration methods.

“We have opted to disclose this work publicly to ensure users are informed of the acute risks of using the system prior to its full release,” they stated. “We hope that further protections will be implemented to address these risks for IBM Bob's General Access release.”

However, for attackers to exploit this vulnerability, users must first configure Bob to grant broad permissions, specifically enabling the ‘always allow’ permission for any command.

This requirement may deter even the least security-conscious users. As the tool is still in beta, it remains unclear whether this permission is enabled by default, but it is unlikely.

According to PromptArmor, the vulnerability allows threat actors to deliver arbitrary shell script payloads to victims, utilizing known and custom malware variants to execute various cyberattacks, including ransomware, credential theft, spyware, device takeover, and botnet assimilation.
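Why the blanket ‘always allow’ setting matters can be shown with a small command-approval gate. This is an added example, not code from IBM or the PromptArmor report: the mode names, the allowlist and the sample commands are assumptions constructed for illustration.

```python
import re
import shlex

# Shell syntax that lets one approved-looking command carry a second one:
# separators, pipes, redirection, backticks, $( ) substitution, newlines.
# The check is deliberately conservative and also fires inside quotes.
SHELL_CONTROL = re.compile(r"[;&|<>`\n]|\$\(")

def decide(command, mode, allowlist=frozenset()):
    """Return 'run', 'ask' (human approval) or 'deny' for a proposed command.

    mode is a hypothetical setting name: 'always_allow' models the blanket
    permission the article describes; 'allowlist' models per-program approval.
    """
    if mode == "always_allow":
        return "run"    # nothing is inspected; injected text decides what runs
    if mode != "allowlist":
        return "deny"   # unknown mode fails closed
    if SHELL_CONTROL.search(command):
        return "ask"    # compound command: never auto-approved
    try:
        argv = shlex.split(command)
    except ValueError:
        return "deny"   # unbalanced quotes: refuse rather than guess
    if not argv:
        return "deny"
    return "run" if argv[0] in allowlist else "ask"

# Constructed sample commands, not taken from the PromptArmor report.
SAMPLES = [
    "git status",
    "git status; sh ./fetched-script.sh",
    "echo $(sh ./fetched-script.sh)",
    "python build.py",
    'echo "unterminated',
]

def compare(samples=SAMPLES, allowlist=frozenset({"git", "echo"})):
    """Map each sample to (blanket decision, allowlist decision)."""
    return {c: (decide(c, "always_allow"), decide(c, "allowlist", allowlist))
            for c in samples}

if __name__ == "__main__":
    for cmd, (blanket, scoped) in compare().items():
        print(f"{blanket:>4} | {scoped:>4} | {cmd!r}")
```

Allowlisting by program name is still coarse, because an allowed program can accept arguments that start other programs; treat it as a floor under human review, not a complete control.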

Via: PromptArmor
