'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
Summary
Researchers discovered 'Ghostcommit', an attack that hides prompt injection (tricking an AI by embedding hidden instructions in its input) inside PNG image files within code repositories to steal secrets. When a human code reviewer approves a pull request containing a malicious image, an AI coding agent later reads the image, extracts instructions to steal sensitive credentials from .env files (configuration files containing secret keys), and encodes them as numbers in the code where they go undetected by security scanners.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/
First tracked: July 11, 2026 at 08:01 AM
Classified by LLM (prompt v3) · confidence: 92%