TechBleepingComputer2h ago
'Ghostcommit' hides prompt injection in images to fool AI agents, steal
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write…
Read full articleSource: BleepingComputer · Opens in new tab