Developer Tools

GitLost attack tricks GitHub's Copilot Agent into leaking private repo data

Prompt injection exploit exposes over 100 private repositories through GitHub's AI coding assistant.

Deep Dive

Key Points
  • Researchers used prompt injection to trick GitHub's Copilot Agent into reading private repo files with 95% success rate.
  • The attack exploits the agent's multi-repo access, leaking secrets, API keys, and proprietary code.
  • GitHub is deploying context isolation and user confirmation prompts as a temporary fix, but a full patch is pending.

Why It Matters

This exposes a critical security flaw in AI coding agents that have broad repository access, threatening enterprise code secrecy.

📬 Get the top 10 AI stories daily