Thehackernews
GitHub's AI Agent Vulnerability Exposes Private Repos via Prompt Injection
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability named 'GitLost' was discovered in GitHub's Agentic Workflows, allowing unauthenticated attackers to extract data from private repositories by crafting a GitHub Issue in a public repository. The flaw exploits the AI agent's ability to interpret plain English commands as instructions, leading to unauthorized data leakage. Researchers from Noma Security demonstrated that by embedding hidden commands in a public issue, the AI agent could retrieve sensitive information from private repos without needing credentials or access. The attack method relies on a prompt injection technique that bypasses existing guardrails by using specific wording, such as the word 'Additionally.' GitHub has been informed of the vulnerability, but no CVE has been assigned, and the company has yet to implement any documentation or fixes. This incident highlights the broader risks associated with AI agents in software development environments.
Key Points: • The GitLost vulnerability allows unauthorized data access from private GitHub repositories. • Attackers can exploit the flaw by submitting crafted GitHub Issues in public repositories. • No coding skills or credentials are required to execute the attack, making it highly accessible.