Skip to main content
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

GitHub AI Agent Leaks Private Repositories via Prompt Injection Attack

Noma Labs said a single crafted GitHub issue could make the AI agent expose private repository content as a public comment.

Summary by CSO Online
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security. The AI security company detailed the attack, dubbed GitLost, in a blog post, saying an unauthenticated attacker could exploit GitHub’s pr…
Podcasts & Opinions

9 Articles

Researchers discovered a flaw in extracting data from GitHub private repositories without any authentication, just by trapping the IA agent in charge of answering tickets. At the end of June 2026, GitHub launched the Agentic Workflows, a feature that combines GitHub Actions (the automation system)

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 75% of the sources are Center
75% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

HackRead broke the news on Tuesday, July 7, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

News
Feed Dots Icon
For You
Search Icon
Search
Blindspot LogoBlindspotLocal