GitHub AI agent leaks private repos when asked nicely 33%
The Register - By Jessica Lyons - 7/7/2026, 7:49 PM
Biased Writer Voice 20.1% - Overconfidence Bias 18.3% - Negativity Bias 18.3%
Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the information as a public comment for anyone to access, according to Noma Labs researchers who named the vulnerability GitLost. The issue exists in GitHub’s Agentic Workflows, which allow an AI agent powered by Claude or... more