Article may be outdated

This article is 12 days old. Some details may have changed since publication.

Hacker News·3 min read·hard

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

C
ColinEberhardt
GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos
AI Summary

Noma Labs discovered a critical prompt injection vulnerability, dubbed 'GitLost,' in GitHub's new Agentic Workflows, allowing an unauthenticated attacker to silently extract data from private repositories. This is achieved by posting a specially crafted GitHub Issue in a public repository belonging to the same organization as the private ones.

TL;DR : Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belonging to the same organization as the private repositories. Noma Labs named the vulnerability GitLost.

Continue reading on Headlinne

Create a free account to read the full article.

Read full article →
technologyaibusiness

Get the full story

Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.

Create free account

Already have an account? Sign in

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos — Headlinne — headlinne