Developer embedded hidden prompt injection in jqwik to sabotage AI coders

The developer of jqwik—a popular Java library for property-based testing—embedded a hidden prompt injection into it. This instruction forces AI coders to delete all application output when they attempt to use the code.

Why jqwik specifically

The library's creator is dissatisfied with developers' growing dependence on AI assistants. He calls them 'vibe coders'—specialists who rely on AI-generated code instead of developing a deep understanding of architecture and technology.

jqwik is not a simple utility. It's a tool for property-based testing, where you define system properties and the library finds examples that violate those properties. It requires understanding the concept, the ability to write predicates, and working with data generators. But instead of reading the documentation, many developers simply ask ChatGPT or Claude.

The embedded instruction is a form of sabotage. If you're too lazy to figure out the tool, let it delete your code's results. Maybe that will make you read the documentation.

How the hidden instruction works

The technique is trivial: in code comments or in jqwik's text, the developer added lines that read as instructions for an LLM. When an AI assistant analyzes the library's source code, it sees these lines as part of the context and includes them in its analysis.

• A developer asks the AI: 'How do I use jqwik for testing?'
• The AI searches for examples in the library's source code
• Encounters the hidden instruction to delete outputs
• Includes this logic in the suggested code

Result: the generated code is correct, but all execution results are deleted. The test shows no results, and the program appears broken.

This works because modern AI models don't distinguish between comments and functional code—they see everything as context.

A vulnerability at the tool level

The incident demonstrates the fragility of AI code generator security. If an attacker embeds a prompt injection in a popular library, they can instruct the AI to generate vulnerable code—and the developer won't notice.

'This is a vulnerability at the development tool level, not just a bug

in the code'

Researchers have shown that hidden instructions can be embedded in source code, documentation, even in variable names. AI models follow these instructions, treating everything as context.

Possible attacks include: SQL injection insertion, data exfiltration to an attacker's server, bypassing security checks.

What this means

For developers: don't blindly trust code from AI assistants. Code review remains critical, regardless of the source.

For AI tool creators: an urgent signal to develop protection against prompt injections in code context.

For the ecosystem: popular libraries can now be used to attack AI tools.