DigiNews

Tech Watch by Johan Denoyer

← Back to articles

GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos

Quality: 9/10 Relevance: 9/10

Summary

Noma Labs reveals a prompt-injection vulnerability called GitLost in GitHub's Agentic Workflows, enabling an attacker to exfiltrate private repo data via a crafted public issue. The post outlines the attack flow, impact, and mitigations for builders and security officers.

🚀 Service construit par Johan Denoyer