
GitLost Attack Uses GitHub Issues to Exfiltrate Private Repo Data Through AI Agent Comments
A prompt injection vulnerability in GitHub’s Agentic Workflows that let an unauthenticated attacker exfiltrate private repository contents simply by posting a crafted issue in a public repo. Security researchers at Noma Labs, the research arm of Noma Security, discovered that GitHub’s AI agent could be manipulated into leaking data from private repositories through nothing more […]
The post GitLost Attack Uses GitHub Issues to Exfiltrate Private Repo Data Through AI Agent Comments appeared first on Cyber Security News.