
New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents
A novel supply chain attack called “Ghostcommit” that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as .env files. The ASSET Research Group demonstrated that a pull request containing an explicit, plain-text instruction to exfiltrate a repository’s .env file is caught immediately by LLM-based […]
The post New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents appeared first on Cyber Security News.