‘GitLost’ vulnerability let GitHub’s AI workflows leak private repositories
Researchers at artificial intelligence security company Noma Security Inc. today disclosed a critical prompt injection vulnerability in GitHub Inc.’s new Agentic Workflows feature that allowed an unauthenticated attacker to siphon data from private code repositories by posting a single crafted issue in a public one.
It is a fresh source-backed signal about where AI products, research, and infrastructure are moving.