Threat actors are exploiting AI code assistants through prompt injection and LLMJacking to embed backdoors and steal data, even without knowing the target system's details. These attacks bypass security measures in one of two ways: by manipulating the external data the assistant processes, or by invoking LLMs directly with stolen credentials. Strong code review, access controls, and context validation are crucial to defend against this emerging threat.
Latest mentioned: 09-16
Earliest mentioned: 09-15