All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter
First reported by BackBox.org
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data

Critical prompt injection flaw in GitHub Agentic Workflows allows private repo data leaks

Noma Labs researchers discovered a critical prompt injection vulnerability in GitHub's Agentic Workflows, dubbed GitLost. The flaw allows malicious actors to trick AI agents (powered by Claude or GitHub Copilot) into extracting data from private repositories and leaking it as public comments. The vulnerability remains unpatched with no documentation available from GitHub.

Jessica Lyons2h ago3 min readenNews
Read on theregister.com

Key quotes

Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the information as a public comment for anyone to access
The workflows are vulnerable to a critical prompt injection flaw
Per usual, there's no fix – or even any documentation – for GitLost

From the article

Per usual, there's no fix – or even any documentation – for GitLost
Continue reading on theregister.com

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.