E-Ink News Daily

Back to list

GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos

Noma Security researchers identified a critical prompt injection vulnerability in GitHub's new Agentic Workflows feature, dubbed 'GitLost'. This flaw allows unauthenticated attackers to trick the AI agent into leaking data from private repositories by posting malicious content in public issues within the same organization.

Background

GitHub recently launched Agentic Workflows, which combine GitHub Actions with AI agents like Claude or Copilot to automate repository tasks using natural language. This feature introduces new attack surfaces where AI models process untrusted user-generated content.

Source
Lobsters
Published
Jul 8, 2026 at 10:04 PM
Score
9.0 / 10