News Score: Score the News, Sort the News, Rewrite the Headlines

GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos - Noma Security

TL;DR: Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belonging to the same organization as the private repositories. Noma Labs named the vulnerability GitLost. https://noma.security/wp-content/uploads/GitLost-full-video-1.mp4 Introduction GitHub recently launched GitHub Agentic Workflows, pairing GitH...

Read more at noma.security

© News Score  score the news, sort the news, rewrite the headlines