GitHub AI agent leaks private repos when asked nicely 12.2%
The Register - By Jessica Lyons - 7/7/2026, 7:49 PM
Availability Heuristic 20.2% - Negativity Bias 12.1% - Biased Writer Voice 11.7%
Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the information as a public comment for anyone to access, according to Noma Labs researchers who named the vulnerability GitLost. The issue exists in GitHub’s Agentic Workflows, which allow an AI agent powered by Claude or... more