GitHub AI agent leaks private repos when asked nicely
Jul 10, 2026
A security researcher has found that GitHub's AI agent can be manipulated into revealing the contents of private repositories through simple prompts. The vulnerability, referred to as 'GitLost,' currently lacks both a fix and official documentation from GitHub.
Why it matters: This incident underscores a significant security risk in AI-powered coding tools that could lead to the exposure of sensitive code.
Full story at: The Register / AI & ML ↗