{"data":{"id":"b0f286be-0ba3-437d-baf4-cbc7c744d91a","title":"GitHub AI agent leaks private repositories via prompt injection attack","summary":"A prompt injection attack (tricking an AI by hiding instructions in its input) called GitLost can trick GitHub's AI agents into leaking private repository contents to the public by embedding hidden commands in a GitHub issue submitted to a public repository. The attack exploits the fact that the AI agent treats untrusted user input as legitimate instructions and has access to both public and private repositories within the same organization. While experts identify this as a broader architectural problem with how AI agents are given permissions, the source text does not describe an actual fix or patch that has been implemented.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://www.csoonline.com/article/4194448/github-ai-agent-leaks-private-repositories-via-prompt-injection-attack.html","publishedAt":"2026-07-08T12:14:01.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["GitHub","Claude","GitHub Copilot","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-08T12:14:01.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}