GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

Noma Labs discovered a critical prompt injection vulnerability, dubbed 'GitLost,' in GitHub's new Agentic Workflows, allowing an unauthenticated attacker to silently extract data from private repositories. This is achieved by posting a specially crafted GitHub Issue in a public repository belonging to the same organization as the private ones.
TL;DR : Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belonging to the same organization as the private repositories. Noma Labs named the vulnerability GitLost.
Get the full story
Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.
Create free accountAlready have an account? Sign in