GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos - Noma SecurityWeb Page - noma.security
noma.security

GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos - Noma Security

TL;DR: Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitH…

If the page stays blank, open it in a new tab. Your Weird rating still works from the top bar.

Open source