GitHub's AI Agent Vulnerability Exposes Private Repos via Prompt Injection

GitHub's AI Agent Vulnerability Exposes Private Repos via Prompt Injection

First seen 7 Jul 2026, 18:24 UTC ThehackernewsRedditCybersecuritynewsDarkreadingTheregister+10 89% similarity 66.0

Article Content

Browse articles
ThreatCluster

A critical vulnerability named 'GitLost' was discovered in GitHub's Agentic Workflows, allowing unauthenticated attackers to extract data from private repositories by crafting a GitHub Issue in a public repository. The flaw exploits the AI agent's ability to interpret plain English commands as instructions, leading to unauthorized data leakage. Researchers from Noma Security demonstrated that by embedding hidden commands in a public issue, the AI agent could retrieve sensitive information from private repos without needing credentials or access. The attack method relies on a prompt injection technique that bypasses existing guardrails by using specific wording, such as the word 'Additionally.' GitHub has been informed of the vulnerability, but no CVE has been assigned, and the company has yet to implement any documentation or fixes. This incident highlights the broader risks associated with AI agents in software development environments.

Key Points: • The GitLost vulnerability allows unauthorized data access from private GitHub repositories. • Attackers can exploit the flaw by submitting crafted GitHub Issues in public repositories. • No coding skills or credentials are required to execute the attack, making it highly accessible.

ThreatCluster AI

Timeline

2026-07-07
GitLost vulnerability disclosed
Noma Security revealed the critical prompt injection flaw in GitHub's Agentic Workflows, allowing data leakage from private repositories.
Darkreading
2026-07-08
Research published on attack method
Noma Security detailed how attackers can exploit the GitLost vulnerability by embedding commands in public GitHub Issues.
CSOonline
2026-07-08
GitHub's response pending
As of now, GitHub has not implemented any fixes or documentation regarding the GitLost vulnerability.
The Register

Community

Browse all →