Get the latest tech news
GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos
TL;DR: Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belonging to the same organization as the private repositories. Noma Labs named the vulnerability GitLost. Introduction GitHub recently launched […]
None
Or read this on Hacker News