AI coding platform's flaws allow BBC reporter to be hacked

Source: BBC Technology

AI Coding Platform’s Flaws Allow BBC Reporter to Be Hacked

48 minutes ago
Joe Tidy, Cyber Correspondent, BBC World Service

The hacker was able to hijack a BBC reporter’s laptop and replace the desktop wallpaper with the image above.

The BBC has been shown a significant – and still unfixed – cyber‑security risk in a popular AI coding platform.

Orchids is a so‑called “vibe‑coding” tool, meaning people without technical skills can build apps and games simply by typing a text prompt into a chatbot.

These platforms have exploded in popularity in recent months and are often hailed as an early example of how various professional services could be delivered quickly and cheaply by AI.

However, experts say the ease with which Orchids can be compromised demonstrates the risks of granting AI bots deep access to our computers in exchange for the convenience of autonomous task execution.

The BBC has repeatedly asked the company for comment, but it has not replied.

“You Are Hacked”

Orchids claims to have a million users and says it is used by top companies such as Google, Uber, and Amazon.
It is rated as the best program for certain elements of vibe‑coding according to App Bench and other analysts.

Its security flaws were demonstrated to the BBC by cybersecurity researcher Etizaz Mohsin.

My Test with the Orchids Desktop App

I installed the Orchids desktop app on a spare laptop that I use for experiments and started a vibe‑coding project as a test.

Orchids is one of many AI‑agent platforms that writes code for users with no programming experience.

I asked Orchids to help me build a simple computer game based on the BBC News website.
Immediately, the AI assistant began generating code on the screen—code that, without any experience, I couldn’t understand.

The Exploit

Exploiting a cybersecurity weakness (which we are not disclosing), Mohsin was able to gain access to my project, view the code, and edit it. He inserted a single line of malicious code somewhere among thousands of characters.

The hidden line allowed him to take control of my computer. Shortly after, a Notepad file titled “Joe is hacked” appeared on the desktop, and the wallpaper changed to an image of an AI hacker.

Potential Consequences

• Installation of malware without any user interaction (a zero‑click attack).
• Theft of private or financial data.
• Access to internet history, camera, and microphone.
• Compromise of any of the tens of thousands of projects hosted on the platform.

“The vibe‑coding revolution has introduced a fundamental shift in how developers interact with their tools, and this shift has created an entirely new class of security vulnerability that didn’t exist before,” Mohsin told me.
“The whole proposition of having the AI handle things for you comes with big risks.”

About the Researcher

• Name: Etizaz Mohsin
• Age: 32
• Origin: Pakistan; now resides in the UK
• Background: Known for uncovering dangerous software flaws, including work on the infamous Pegasus spyware.
• Timeline: Discovered the Orchids flaw while experimenting with vibe‑coding in December 2025. Since then, he has sent roughly a dozen messages to Orchids via email, LinkedIn, and Discord.

The Orchids team finally responded this week, acknowledging they may have “missed” his warnings because they are “overwhelmed with inbound messages.”

About Orchids

• Founded: 2025 (San Francisco)
• Employees: Fewer than 10 (according to the company’s LinkedIn page)
• Claims: Used by major tech firms; marketed as a leading vibe‑coding platform.

This article has been cleaned up for readability while preserving the original information and sources.

AI Agent Risks

Mohsin says he has only found the flaws in Orchids, and not yet in other vibe‑coding platforms such as Claude Code, Cursor, Windsurf, and Lovable.

Nevertheless, experts say this should serve as a warning.

“The main security implications of vibe‑coding are that without discipline, documentation, and review, such code often fails under attack,”
— Kevin Curran, professor of cybersecurity, Ulster University

AI tools that carry out complex tasks for us—known as agentic AI—are increasingly hitting the headlines.

One recent example is the viral Clawbot agent (also known as Moltbot or Open Claw). The AI bot can run tasks on your own device—such as sending WhatsApp messages or managing your calendar—with little human input. It is estimated that the free AI agent has been downloaded by hundreds of thousands of people and has deep access to users’ computers, which also means many potential security risks and flaws.

“While it’s exciting and curious to see what an AI agent can do without any security guardrails, this level of access is also extremely insecure,”
— Karolis Arbaciauskas, head of product, NordPass

His advice: run these tools on separate, dedicated machines and use disposable accounts for any experimentation.

Images