'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its private repos, too.
Read the full articleYou might also wanna read
‘GitLost’ vulnerability let GitHub’s AI workflows leak private repositories
GitHub Inc.’s new Agentic Workflows feature that allowed an unauthenticated attacker to siphon data from private code ...

GitLost Flaw Exposes GitHub Repos via AI Workflow
Discover how the GitLost vulnerability exploits GitHub's AI Workflows, revealing private repositories. Learn the implications and defenses.
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
Noma Labs details GitLost, a prompt injection flaw that made GitHub’s AI agent expose private repo data through a crafted public issue and g
Critical prompt injection flaw in GitHub Agentic Workflows allows private repo data leaks
Per usual, there's no fix – or even any documentation – for GitLost
GitLost Vulnerability Steals Private Code via GitHub AI Agents
Researchers from Noma Labs have discovered a vulnerability in GitHub Agentic Workflows that allows private repository contents to be extract

GitLost shows how a public issue can make GitHub's AI agent leak private repo data
Noma Labs says a prompt injection in GitHub Agentic Workflows crossed from public issue text into private repository content.

Comments
Sign in to join the conversation.
No comments yet. Be the first.