• Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
No Result
View All Result
  • Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
No Result
View All Result
Blog - Creative Collaboration
No Result
View All Result
Home Mobile

GitHub’s AI agent leaks private repos when asked

July 8, 2026
Share on FacebookShare on Twitter

Researchers tricked GitHub’s AI coding agent into leaking private repositories with nothing but a politely worded issue. The flaw, named GitLost, has no code fix, and GitHub has yet to even document it.

GitHub’s new AI agent can be talked into handing over your private code. Security firm Noma Labs found a way to make it read a private repository and paste the contents into a public comment, the researchers wrote in a blog post. They named the flaw GitLost.

The target is GitHub Agentic Workflows, launched this year. They pair GitHub Actions with an AI agent backed by Claude or GitHub Copilot. Teams write the workflows in plain Markdown. The agent then reads issues, calls tools, and acts on its own.

Asked nicely

The attack needs no skill. An attacker opens an issue in a public repo of an organisation that uses the workflows. They hide plain-English commands in the issue body. The agent obeys them.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

“All that was needed was to open an issue in a public repository belonging to an organization that uses GitHub’s Agentic Workflow setup and wait,” Noma research lead Sasi Levi told The Register. No coding, no credentials, no access.

In the proof of concept, a fake issue posed as a request from a VP of sales. Buried in the list sat a question: what does the README file say in a private repo? The agent fetched it from both a public and a private repository, then posted the contents in the open.

GitHub had guardrails to stop exactly this. One word slipped past them. Adding “Additionally” to the prompt nudged the model to reframe its answer rather than refuse. The data spilled.

No fix, no docs

Prompt injection like this resists a code patch, a problem now familiar across agentic AI. It is the same class of trick that has fooled AI browsers into leaking passwords. Noma proposed a simple documentation note instead, warning teams about sharing keys between repos.

GitHub has not added it. The company did not respond to The Register, though it knew Noma planned to publish. Levi put the stakes plainly. “An autonomous agent should not be a risk for silent data exfiltration and secrets exposure,” he said. “You can’t protect what you can’t see and control.”

Why it matters

The pattern keeps repeating. An agent’s context window doubles as its attack surface. Anything it reads, an issue, a comment, a file, can carry hidden orders. Noma likens prompt injection to the SQL injection that plagued the early web: a whole category of flaw, not a one-off bug.

Developers already sit in the crosshairs, from poisoned npm packages to fully agentic ransomware. A market has sprung up to police these agents. GitLost shows why. Until someone fixes the trust boundary, agents will keep leaking secrets when asked nicely.

Next Post

Allianz to cut up to 1,800 jobs as AI takes over call-centre work

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result

Recent Posts

  • L.O.L. Surprise! Music Festival collection: Where to buy Jennie and Rosalía dolls
  • New study finds gaming doesn’t rot your brain, but compulsive habits can
  • Nomagic puts an AI brain into live warehouse robots
  • help me visualize my wedding decor in real time
  • Allianz to cut up to 1,800 jobs as AI takes over call-centre work

Recent Comments

    No Result
    View All Result

    Categories

    • Android
    • Cars
    • Gadgets
    • Gaming
    • Internet
    • Mobile
    • Sci-Fi
    • Home
    • Shop
    • Privacy Policy
    • Terms and Conditions

    © CC Startup, Powered by Creative Collaboration. © 2020 Creative Collaboration, LLC. All Rights Reserved.

    No Result
    View All Result
    • Home
    • Blog
    • Android
    • Cars
    • Gadgets
    • Gaming
    • Internet
    • Mobile
    • Sci-Fi

    © CC Startup, Powered by Creative Collaboration. © 2020 Creative Collaboration, LLC. All Rights Reserved.

    Get more stuff like this
    in your inbox

    Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

    Thank you for subscribing.

    Something went wrong.

    We respect your privacy and take protecting it seriously