AI News HubLIVE
In-site rewrite1 min read

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

Researchers have built a pull request that steals a repository's secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open.

SourceHacker News AIAuthor: Brajeshwar

Researchers have built a pull request that steals a repository's secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open.

The reviewer waves the change through. Later, a coding agent reads the picture, opens the repo's .env, and writes every key into the source as a harmless-looking list of numbers.

How 'Ghostcommit' works

The attack is joint work from the University of Missouri-Kansas City's ASSET Research Group, by associate professor Sudipta Chattopadhyay and researcher Murali Ediga, who shared it with BleepingComputer.