Microsoft discovers prompt injection vulnerability in Claude Code GitHub Action exposing CI/CD secrets

By Microsoft Defender Security Research Team, Dor Edry, Amit Eliahu

21d ago · 10 min read · Insight

Summary

Microsoft Threat Intelligence discovered a prompt injection vulnerability in Anthropic's Claude Code GitHub Action that could expose CI/CD workflow secrets. When the agent processed untrusted GitHub content (issue bodies, PR descriptions, comments), injected instructions could steer it to read /proc/self/environ through the Read tool. Unlike the Bash subprocess path, whose environment was scrubbed of secrets before execution, the Read tool was not covered by that sandboxing model, so the file read returned the workflow's ANTHROPIC_API_KEY and potentially other credentials available to the runner. The article covers the attack chain, the responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows.
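The following Python is an added example, not code from the Microsoft article or from Anthropic's action. It models the asymmetry the summary describes: a subprocess path that strips credential-looking variables before spawning a shell, next to a raw file read of /proc/self/environ that sees the original environment block anyway, and a path policy for the read tool that closes the gap. The secret name regex, the denied prefixes, the constructed ANTHROPIC_API_KEY value and the function names are all assumptions for illustration; the real action's scrub list and policy are not reproduced here.

```python
import os
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Assumption for the example: variable names that look like credentials.
SECRET_NAME_RE = re.compile(r"(API_KEY|TOKEN|SECRET|PASSWORD)", re.IGNORECASE)

# Assumption for the example: pseudo-filesystems that mirror process state.
# A file read under /proc is an environment read by another name.
DENIED_PREFIXES = ("/proc", "/sys", "/dev")


def scrubbed_env(env):
    """Environment handed to a Bash-style subprocess, credential-looking names
    removed. This is the protection the subprocess path already had."""
    return {k: v for k, v in env.items() if not SECRET_NAME_RE.search(k)}


def secret_names_in_environ(environ_bytes):
    """Parse /proc/<pid>/environ content (NUL-separated KEY=VALUE records) and
    return the credential-looking variable names it exposes."""
    names = []
    for record in environ_bytes.split(b"\0"):
        if not record:
            continue
        key = record.split(b"=", 1)[0].decode("utf-8", errors="replace")
        if SECRET_NAME_RE.search(key):
            names.append(key)
    return names


def read_tool_allowed(path, workspace):
    """Path policy for a file-read tool. Resolve symlinks and '..' first, then
    deny pseudo-filesystems and anything outside the checked-out workspace.
    Returns (allowed, reason)."""
    real = Path(path).resolve()
    ws = Path(workspace).resolve()
    real_s = str(real)
    for prefix in DENIED_PREFIXES:
        if real_s == prefix or real_s.startswith(prefix + "/"):
            return False, f"denied pseudo-filesystem path: {real_s}"
    if real != ws and ws not in real.parents:
        return False, f"outside workspace {ws}: {real_s}"
    return True, "ok"


def symlink_escape_denied():
    """A link inside the workspace that points at /proc/self/environ must still
    be denied; checking only the requested string would let it through."""
    with tempfile.TemporaryDirectory() as ws:
        link = os.path.join(ws, "notes.txt")
        os.symlink("/proc/self/environ", link)
        return read_tool_allowed(link, ws)[0] is False


def demo():
    """Linux-only demonstration. A child process receives a constructed secret
    in its environment: the scrubbed shell sees nothing, a raw read of the
    child's own /proc/self/environ returns the key. Returns None elsewhere."""
    if not os.path.exists("/proc/self/environ"):
        return None
    env = {**os.environ, "ANTHROPIC_API_KEY": "sk-ant-constructed-not-real"}
    # Subprocess path with scrubbing: the variable is gone before exec.
    bash_view = subprocess.run(
        ["sh", "-c", "echo ${ANTHROPIC_API_KEY:-unset}"],
        env=scrubbed_env(env), capture_output=True, text=True,
    ).stdout.strip()
    # Read path without a policy: the child dumps its environ block as a file.
    child = subprocess.run(
        [sys.executable, "-c",
         "import sys; sys.stdout.buffer.write(open('/proc/self/environ', 'rb').read())"],
        env=env, capture_output=True,
    )
    leaked = secret_names_in_environ(child.stdout)
    return bash_view, leaked, read_tool_allowed("/proc/self/environ", os.getcwd())


if __name__ == "__main__":
    print(demo())
```

The point of resolving before checking is that the dangerous target can be reached through a symlink or a `..` component that a naive prefix check on the requested string would accept; scrubbing what a shell inherits does nothing for a tool that reads process state from the filesystem, so the read tool needs its own policy.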

Source: microsoft.com

Key quotes (3 pulled)

Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments.
While Claude Code Action supported environment scrubbing for subprocess execution paths such as Bash, the Read tool was not subject to the same sandboxing model.
It was eventually authorized to access /proc/self/environ, reading the workflow's ANTHROPIC_API_KEY and potentially other credentials available to the runner.
Snippet from the RSS feed
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitiga
