Critical vulnerabilities in Google’s Gemini CLI and the Cursor AI editor have exposed how AI-assisted developer tools can create dangerous attack paths into CI/CD pipelines and workstations, raising alarms about the security of AI development infrastructure. Researchers identified command injection and prompt injection flaws in Gemini CLI that allowed attackers to execute arbitrary commands with the same privileges as the CLI process, potentially compromising sensitive credentials, source code, and AI model data. A separate Cursor vulnerability enabled sandbox escape through malicious Git configurations to trigger remote code execution. Google acknowledged the Gemini CLI findings and issued fixes through its Vulnerability Rewards Program, but the unpatched CursorJacking access control flaw in Cursor still allows extensions to access local API keys and credentials, leaving organizations at risk of account takeover and data exposure. These discoveries underscore the growing urgency for developers and enterprises to rigorously secure AI development tools, as compromised AI interfaces can now directly manipulate system-level operations and supply chains.