www.darkreading.com 7/7/2026, 4:16:16 PM · external

GitHub’s ‘GitLost’ bug exposes private repo data via Issues

GitHub’s ‘GitLost’ bug exposes private repo data via Issues
CyberSIXT Evidence Panel
Primary Source noma.security

THE article discusses a critical flaw named 'GitLost' in GitHub's Agentic Workflows that allows unauthenticated attackers to extract data from private repositories by crafting GitHub Issues in public ones. Researchers from Noma Security discovered that the flaw exploits prompt injection vulnerabilities in AI-assisted automation, manipulating AI agents to disclose sensitive information without the need for credentials.

The flaw raises concerns about the security implications of using natural language inputs in AI systems. Experts recommend adopting a zero-trust approach, auditing AI workflows, and ensuring strict boundaries between trusted system directives and untrusted user data to mitigate such risks.

View Primary Source Via www.darkreading.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline