Bleepingcomputer
AI Code Reviewers Exploited by Image-Based Prompt Injection Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Researchers have demonstrated a new attack method called 'Ghostcommit' that exploits AI code reviewers by hiding malicious instructions within PNG images. This method allows attackers to steal sensitive information, such as environment variables, without detection. A survey revealed that 73% of merged pull requests in active repositories received no substantive human or bot review, highlighting a significant security gap. The attack involves creating a pull request that includes a seemingly harmless AGENTS.md file pointing to an image containing the exploit. AI reviewers, which typically ignore binary files, fail to catch the malicious intent. The proof-of-concept was developed by the ASSET Research Group and disclosed to affected vendors. The potential impact includes unauthorized access to sensitive data and compromised repositories, with significant implications for software supply chains.
Key Points: • The 'Ghostcommit' attack hides malicious instructions in PNG images to bypass AI code reviewers. • 73% of merged pull requests in active repositories lack substantive review, increasing vulnerability. • The attack can lead to unauthorized access to sensitive data, impacting software supply chains.