'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open…
Read the full articleYou might also wanna read
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
The 'Ghostcommit' technique hides malicious prompt injection instructions inside PNG images within a code repository. These images are ignor
Ghostcommit Attack: Malicious Instructions in Images Deceive AI Agents
Researchers have introduced the Ghostcommit method, which allows embedding prompt injections into PNG images to steal secrets via AI agents.

Ghostcommit Camouflages Prompt Injection in Images to Bypass AI Security & Data Theft
Researchers have developed a novel method to bypass AI-driven code review processes by embedding malicious... The post Ghostcommit Camouflag

Ghostcommit Exploit Hides Malicious Code in Images
Discover how Ghostcommit hides harmful code in images, evading AI detection. Stay informed to protect your systems.
GitLost Vulnerability Steals Private Code via GitHub AI Agents
Researchers from Noma Labs have discovered a vulnerability in GitHub Agentic Workflows that allows private repository contents to be extract
Critical prompt injection flaw in GitHub Agentic Workflows allows private repo data leaks
Per usual, there's no fix – or even any documentation – for GitLost

Comments
Sign in to join the conversation.
No comments yet. Be the first.