Get the latest tech news

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos


TL;DR: Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belonging to the same organization as the private repositories. Noma Labs named the vulnerability GitLost.    Introduction GitHub recently launched […]

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of GitHub

GitHub

Photo of AI agent

AI agent

Related news:

News photo

The GitHub Actions Attack Pattern Your CI Security Scanners Miss

News photo

GitHub cuts short offer to burn repos on CD after mockery ensues

News photo

JadePuffer ransomware used AI agent to automate entire attack