AI Code Reviewers Exploited by Image-Based Prompt Injection Attacks

AI Code Reviewers Exploited by Image-Based Prompt Injection Attacks

First seen 11 Jul 2026, 09:52 UTC Bleepingcomputerasset-group.github.iowww.manifold.securitygithub.comwww.tines.com 88% similarity 66.0

Article Content

Browse articles
ThreatCluster

Researchers have demonstrated a new attack method called 'Ghostcommit' that exploits AI code reviewers by hiding malicious instructions within PNG images. This method allows attackers to steal sensitive information, such as environment variables, without detection. A survey revealed that 73% of merged pull requests in active repositories received no substantive human or bot review, highlighting a significant security gap. The attack involves creating a pull request that includes a seemingly harmless AGENTS.md file pointing to an image containing the exploit. AI reviewers, which typically ignore binary files, fail to catch the malicious intent. The proof-of-concept was developed by the ASSET Research Group and disclosed to affected vendors. The potential impact includes unauthorized access to sensitive data and compromised repositories, with significant implications for software supply chains.

Key Points: • The 'Ghostcommit' attack hides malicious instructions in PNG images to bypass AI code reviewers. • 73% of merged pull requests in active repositories lack substantive review, increasing vulnerability. • The attack can lead to unauthorized access to sensitive data, impacting software supply chains.

ThreatCluster AI

Timeline

2026-07-11
Ghostcommit attack demonstrated
Researchers revealed a method to steal secrets by embedding instructions in PNG files, bypassing AI reviewers.
BleepingComputer
2026-07-11
Survey on pull request reviews published
A survey of 6,480 pull requests showed 73% reached the default branch with no substantive review.
asset-group.github.io

Community

Browse all →