EventCybersecurityJuly 8, 2026
GitLost vulnerability tricks GitHub AI agent into leaking private repos

Noma Labs discovered a prompt injection vulnerability in GitHub Agentic Workflows that lets unauthenticated attackers extract private repository data by posting a crafted Issue in a public repo of the same organization. The GitLost attack abuses AI agent permissions to silently exfiltrate code and files.