'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

Reddit r/AI_Agents Papers

Summary

Researchers demonstrate a new prompt injection attack where malicious instructions hidden in images bypass AI code reviewers and cause coding agents to leak repository secrets.

Researchers have built a pull request that steals a repository's secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open. The reviewer waves the change through. Later, a coding agent reads the picture, opens the repo's .env, and writes every key into the source as a harmless-looking list of numbers.
Original Article

Similar Articles

Understanding prompt injections: a frontier security challenge

OpenAI Blog

OpenAI publishes guidance on prompt injection attacks, a social engineering vulnerability where malicious instructions hidden in web content or documents can trick AI models into unintended actions. The company outlines its multi-layered defense strategy including instruction hierarchy research, automated red-teaming, and AI-powered monitoring systems.

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

Hacker News Top

Noma Labs discovered a critical prompt injection vulnerability in GitHub's Agentic Workflows, allowing unauthenticated attackers to exfiltrate data from private repositories by posting a crafted GitHub issue in a public repository of the same organization.