
Researchers cause GitLab AI developer assistant to turn safe code malicious


AI assistants can’t be trusted to produce safe code.

Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a to-do list” that eliminates the burden of “wading through weeks of commits.” What these companies don’t say is that these tools are, by temperament if not default, easily tricked by malicious actors into performing hostile actions against their users. “This vulnerability highlights the double-edged nature of AI assistants like GitLab Duo: when deeply integrated into development workflows, they inherit not just context—but risk,” Legit researcher Omer Mayraz wrote. “By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo’s behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes.”

Read this on ArsTechnica
