'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
Summary
Researchers demonstrate a new prompt injection attack where malicious instructions hidden in images bypass AI code reviewers and cause coding agents to leak repository secrets.
Similar Articles
Inside Ghostcommit: How Malicious PNGs Bypass AI Code Reviewers
Ghostcommit is a novel supply chain exploit that uses malicious PNG images containing text instructions to bypass AI code reviewers, leading to data exfiltration from developer environments.
Understanding prompt injections: a frontier security challenge
OpenAI publishes guidance on prompt injection attacks, a social engineering vulnerability where malicious instructions hidden in web content or documents can trick AI models into unintended actions. The company outlines its multi-layered defense strategy including instruction hierarchy research, automated red-teaming, and AI-powered monitoring systems.
Now, defenders are embracing the prompt injection, too
Tracebit introduces 'context bombing,' a technique that uses prompt injections as defensive decoys to halt AI hacking agents, reducing admin compromise from 57% to 5% across tests with leading LLMs.
Prompt injection took down a production agent last week — here's what our post-mortem found
A production AI support agent was compromised via prompt injection, exposing other customers' data. The post-mortem revealed lack of enforcement layers, useless audit trails, and no kill switch, highlighting systemic security gaps in deploying AI agents.
GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos
Noma Labs discovered a critical prompt injection vulnerability in GitHub's Agentic Workflows, allowing unauthenticated attackers to exfiltrate data from private repositories by posting a crafted GitHub issue in a public repository of the same organization.