GitHub AI Agent Leaks Private Repositories via Prompt Injection Attack
Noma Labs said a single crafted GitHub issue could make the AI agent expose private repository content as a public comment.
9 Articles
9 Articles
GitLost: GitHub's AI agent leaks private repos when asked
Researchers tricked GitHub’s AI coding agent into leaking private repositories with nothing but a politely worded issue. The flaw, named GitLost, has no code fix, and GitHub has yet to even document it. GitHub’s new AI agent can be talked into handing over your private code. Security firm Noma Labs found a way to make […] This story continues at The Next Web
GitHub AI agent leaks private repositories via prompt injection attack
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security. The AI security company detailed the attack, dubbed GitLost, in a blog post, saying an unauthenticated attacker could exploit GitHub’s pr…
GitHub AI agent leaks private repos when asked nicely
Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the information as a public comment for anyone to access, according to Noma Labs researchers who named the vulnerability GitLost. The issue exists in GitHub’s Agentic Workflows, which allow an AI agent powered by Claude or GitHub Copilot to autonomously execute tasks in GitHub Actions. As the AI security sleuths discovered and detail…
Researchers discovered a flaw in extracting data from GitHub private repositories without any authentication, just by trapping the IA agent in charge of answering tickets. At the end of June 2026, GitHub launched the Agentic Workflows, a feature that combines GitHub Actions (the automation system)
Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection
Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication. The post Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection appeared first on SecurityWeek.
Coverage Details
Bias Distribution
- 75% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium







