Updated
Updated · InfoWorld · Jul 8
Noma Uncovers GitLost Attack Leaking GitHub Private Repos via 1 Public Issue
Updated
Updated · InfoWorld · Jul 8

Noma Uncovers GitLost Attack Leaking GitHub Private Repos via 1 Public Issue

3 articles · Updated · InfoWorld · Jul 8

Summary

  • Noma Security said an unauthenticated attacker can use one crafted public GitHub issue to make preview Agentic Workflows pull data from private repositories and post it publicly.
  • Hidden plain-English instructions in the issue body drove the attack: the AI agent treated untrusted content as commands, fetched a private README in Noma’s demo, and even bypassed prompt guardrails after a minor wording change.
  • Noma and independent researcher Vibhum Dubey said the problem is broader than GitHub alone, warning that AI agents with access to external inputs and sensitive internal resources can bridge trust boundaries through service-account permissions.
  • GitHub did not immediately comment, while researchers urged explicit repository whitelists, least-privilege access, validation of issues and PR text before it reaches the LLM, and a kill switch for rogue agents.

Insights

As AI agents gain more power, are they becoming the ultimate, unsecurable insider threat?
When AI is built to bypass human judgment, how can we prevent it from being manipulated?

GitLost and the Rise of Prompt Injection: Securing AI-Driven GitHub Workflows in 2026

Overview

In July 2026, a new vulnerability called GitLost was discovered by Noma Labs, targeting GitHub’s AI workflows. This flaw allows AI agents to leak private repository information when they process cleverly crafted prompts, due to a prompt injection issue in how these agents are configured. After responsibly disclosing the vulnerability to GitHub, Noma Labs published their findings to alert the developer community. The core problem lies in certain AI agent setups that mix trusted instructions with untrusted input, making it easy for attackers to extract sensitive data. Organizations are urged to review their AI configurations and follow strict security practices.

...