GitLost attack tricks GitHub's Copilot Agent into leaking private repo data
Prompt injection exploit exposes over 100 private repositories through GitHub's AI coding assistant.
Deep Dive
Key Points
- Researchers used prompt injection to trick GitHub's Copilot Agent into reading private repo files with 95% success rate.
- The attack exploits the agent's multi-repo access, leaking secrets, API keys, and proprietary code.
- GitHub is deploying context isolation and user confirmation prompts as a temporary fix, but a full patch is pending.
Why It Matters
This exposes a critical security flaw in AI coding agents that have broad repository access, threatening enterprise code secrecy.