Bottom line: A developer deliberately placed sabotage code in jqwik 1.10.0 to manipulate AI agents into deleting code, revealing a new security vulnerability in the open-source software supply chain.
In the Java test library jqwik version 1.10.0, the developer intentionally embedded prompt injection code designed to instruct AI agents such as Claude Code to delete tests and code. The incident reveals a new attack surface in the software supply chain and was later documented; the destructive commands were only removed in version 1.10.1.
The German developer of the popular Java testing framework jqwik, which functions as an extension for JUnit 5, made a deliberate modification in version 1.10.0. It was intended to sabotage AI-driven development processes and contained instructions telling AI agents that interact with the library to ignore all previous instructions and delete all jqwik tests and associated source code.
The technical implementation used ANSI control characters to hide the manipulative instructions from human reviewers. In a manual review of logs the output appeared unremarkable, while the destructive commands remained readable in the raw data stream. Advanced tools like Claude Code recognized the injection and refused to execute it. Less sophisticated automation chains were vulnerable.
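A check for this kind of concealment, as an added example that is not code from jqwik or from the source article: it compares what a terminal would display with what a consumer of the raw stream reads, and reports lines where the two differ. The article does not say which ANSI sequences were used, so SGR conceal, carriage return and erase-line are assumptions here, and the sample output with its placeholder text is constructed.

```python
import re

# CSI escape sequence: ESC [ parameters, intermediates, final byte
CSI = re.compile(r"\x1b\[([0-9;?]*)[ -/]*([@-~])")

def agent_view(line):
    """Text a consumer of the raw stream reads: escapes dropped, payload kept."""
    return CSI.sub("", line).replace("\r", "")

def human_view(line):
    """Approximate terminal rendering of one line: SGR conceal, CR, erase-line.
    Simplified: no cursor movement, no extended-colour (38;5;n) parameters."""
    cells, col, concealed, i = [], 0, False, 0
    while i < len(line):
        m = CSI.match(line, i)
        if m:
            params, final = m.groups()
            if final == "m":                  # SGR: 8 conceals, 0/28 reveal
                for p in params.split(";"):
                    if p in ("8", "", "0", "28"):
                        concealed = (p == "8")
            elif final == "K" and params in ("", "0"):
                del cells[col:]               # erase cursor to end of line
            elif final == "K" and params == "2":
                cells = [" "] * len(cells)    # erase whole line
            i = m.end()
            continue
        ch = line[i]
        i += 1
        if ch == "\r":                        # carriage return: overwrite from col 0
            col = 0
            continue
        cells[col:col + 1] = [" " if concealed else ch]
        col += 1
    return "".join(cells)

def hidden_text(stream):
    """Return (line_no, shown, read) for lines where the two views differ."""
    views = [(n, human_view(l).strip(), agent_view(l).strip())
             for n, l in enumerate(stream.split("\n"), 1)]
    return [v for v in views if v[1] != v[2]]

# Constructed sample output; the placeholder stands in for injected text.
SAMPLE = ("\x1b[32mPASS\x1b[0m 12 tests\n"
          "BUILD OK\x1b[8m <text addressed to an AI agent>\x1b[0m\n"
          "<text addressed to an AI agent>\r\x1b[2KReport written")

if __name__ == "__main__":
    print(hidden_text(SAMPLE))
```

Ordinary colour codes do not trigger a finding, so the check can run over build and test output before it is handed to an automated agent.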
After public disclosure, the developer adjusted the release notes and justified the measure by stating that jqwik was not intended for use by AI coding agents. When questioned by technical publications, he declined to provide detailed statements and cited massive pressure and impending legal consultation. The development team released version 1.10.1 on Friday and urgently warned against continued use of 1.10.0.
Source: www.it-daily.net · Published 9 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.