www.securityweek.com 7/8/2026, 11:07:07 AM · external

GitHub AI Agent Flaw Lets Hackers Steal Private Code via Issues

GitHub AI Agent Flaw Lets Hackers Steal Private Code via Issues
Developing story vulnerability 2 articles tracked
GitHub AI workflow flaw exposes private repository data via Issues
CyberSIXT Evidence Panel
Primary Source noma.security

A critical vulnerability named 'GitLost' in GitHub's Agentic Workflows allows unauthenticated attackers to access private repository data by posting crafted issues in public repositories. Discovered by Noma Labs, this flaw enables the AI agent to fetch sensitive information without requiring coding skills or credentials. The security researchers emphasized that indirect prompt injections could pose similar risks as SQL injections in web applications.

They recommended strict security measures for organizations using AI agents, including treating user-generated content as untrusted and limiting agent permissions.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline