AI Coding Flaws Allow BBC Reporter Zero-Click Hack
A BBC investigation has exposed a significant and unfixed cyber security risk in a popular AI coding platform, demonstrating how a researcher was able to hijack a reporter's laptop without any user interaction.
Mark Fermor
Director & Co-Founder, Firevault
AI Coding Platform Security Flaws Exposed in BBC Investigation
A BBC investigation has revealed a significant and currently unfixed cyber security vulnerability in a popular AI coding platform known as Orchids, a so-called "vibe coding" tool that allows users without technical skills to build applications using text prompts.
The platform, which claims over one million users including staff at major companies such as Google, Uber, and Amazon, was found to contain security flaws that allowed a researcher to execute a zero-click attack on a BBC reporter's laptop.
The Attack Demonstrated
Cyber security researcher Etizaz Mohsin demonstrated the vulnerability to the BBC by exploiting a weakness in the platform. After the reporter began a coding project using Orchids, Mohsin was able to gain access to the project, view and edit code, and ultimately gain control of the reporter's machine.
The researcher inserted a small line of code into the thousands of lines generated by the AI, which allowed him to access the computer. A notepad file appeared on the desktop, and the wallpaper was changed to confirm the breach.
The implications are stark. A malicious actor could have installed a virus, stolen private or financial data, accessed internet history, or even activated cameras and microphones, all without any action required from the victim.
A New Class of Vulnerability
"The vibe coding revolution has introduced a fundamental shift in how developers interact with their tools, and this shift has created an entirely new class of security vulnerability that did not exist before," Mohsin explained. "The whole proposition of having the AI handle things for you comes with big risks."
Mohsin, who has a track record of uncovering dangerous software flaws including work on the Pegasus spyware, said he discovered the vulnerability in December 2025. Despite sending around a dozen messages across email, LinkedIn, and Discord, the Orchids team only responded this week, stating they "possibly missed" his warnings as they were "overwhelmed with inbound" messages.
Expert Warnings
Professor Kevin Curran of Ulster University noted: "The main security implications of vibe coding are that without discipline, documentation, and review, such code often fails under attack."
Karolis Arbaciauskas, head of product at NordPass, advised caution: "While it is exciting and curious to see what an AI agent can do without any security guardrails, this level of access is also extremely insecure." He recommends running such tools on separate, dedicated machines with disposable accounts.
How Firevault Would Have Protected These Users
This incident highlights precisely the type of threat that Firevault's offline secure storage architecture is designed to neutralise. Here is how each product directly addresses the risks exposed in this attack:
Firevault Vault would have ensured that any sensitive personal files, credentials, financial records, or private documents stored on the reporter's machine were instead held in a physically disconnected, air-gapped environment. Even with full remote access to the laptop, an attacker would find nothing of value to steal, because the data simply would not be there. The Vault is offline by default, meaning there is no network path for an attacker to traverse.
Firevault Storage provides the same Layer 1 physical air gap protection for businesses and development teams. Source code repositories, API keys, client data, and intellectual property stored in Firevault Storage would have been entirely unreachable during this zero-click attack. The out-of-band control plane, which uses no IP address, no network connection, and no admin interface, means that even if a development environment is fully compromised, the attacker cannot reach, discover, or manipulate data held in a Firevault Bunker.
The Firevault Platform ties these protections together with identity-verified access, hardware encryption, and the Butterfly enterprise methodology. Data is only accessible during explicitly authorised sessions, and the system returns to its default offline state the moment a session ends.
The core lesson is clear: you cannot breach what is not connected. While the industry debates how to secure AI-driven development tools, Firevault removes the attack surface entirely.
Source: BBC News
Published by Mark Fermor, Director and Co-Founder, Firevault
Share this article
AI Coding Flaws Allow BBC Reporter Zero-Click Hack
A BBC investigation has exposed a significant and unfixed cyber security risk in a popular AI coding platform, demonstrating how a researcher was able to hijack a reporter's laptop without any user interaction.
Related Reading
You may also find these useful
St Anne's School Ransomware: Files Must Live Offline
St Anne's Catholic School in Southampton was shut for four days after ransomware hit its network. It is not the first school to be targeted. From nurseries to councils, sensitive safeguarding data remains dangerously exposed on connected systems.
TfL Hack: 10 Million Records Stolen in Major Breach
Transport for London has confirmed that around 10 million customer records were stolen during the 2024 Scattered Spider cyber attack, making it one of the largest data breaches in British history. The revelation raises urgent questions about transparency, regulatory accountability and the case for offline secure storage.
Major Telco Breach: 6.2 Million Users Exposed
Dutch telecommunications provider Odido has confirmed a cyberattack that exposed the personal data of 6.2 million customers, including names, addresses, bank account numbers, and identity document details. The breach, detected on the weekend of 7 February 2026, was reported to the Dutch Data Protection Authority.