IBM's AI agent Bob easily duped to run malware, researchers show
theregister.co.uk
IBM describes its coding agent thus: "Bob is your AI software development partner that understands your intent, repo, and security standards." Unfortunately, Bob doesn't always follow those security standards.
Announced last October and presently in closed beta testing, IBM offers Bob in the form of a command line interface – a CLI, like Claude Code – and an integrated development environment – an IDE like Cursor.
Security researchers at PromptArmor have been evaluating Bob prior to general release and have found that IBM's "AI development partner" can be manipulated into executing malware. They report that the CLI is vulnerable to prompt injection attacks that allow malware execution and that the IDE is vulnerable to common AI-specific data exfiltration vectors.
AI agent software – models given access to tools and tasked with some goal in an iterative loop – is notoriously insecure and often comes with warnings from vendors. The risks have been demonstrated ...
Copyright of this story solely belongs to theregister.co.uk.

