Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
GitHub Inc.’s new Agentic Workflows feature that allowed an unauthenticated attacker to siphon data from private code ...
Tom's Hardware on MSN
AI coding agents can be tricked into installing malware via 'clean' GitHub repositories
Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
A critical prompt injection vulnerability in GitHub Agentic Workflows could allow unauthenticated attackers to leak private repository data, ...
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, ...
A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. is a senior correspondent and author of ...
Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...
A new study has found that coding agents were used in an estimated range of 22.20% to 28.66% of 128,018 GitHub projects. The researchers found adoption across mature projects, established ...
Varonis Systems, Inc. (NASDAQ: VRNS), the data and AI security leader, today announced support for Cursor, the AI-native coding tool. Varonis Atlas provides runtime enforcement, threat detection, and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results