Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GitHub Workflow Vulnerability Exposes Private Repo Data

GitHub Workflow Vulnerability Exposes Private Repo Data

Posted on July 7, 2026 By CWS

Researchers at Noma Security have uncovered a significant vulnerability in GitHub’s Agentic Workflows that could potentially expose private repository data through public issues. This security flaw, identified as ‘GitLost,’ is particularly concerning as it enables attackers to manipulate GitHub’s AI-driven workflows, leading to unintentional data leaks.

Understanding the GitLost Technique

GitHub’s Agentic Workflows, introduced in February and now in public preview, allows users to instruct AI agents using plain English in Markdown files. The AI, powered by tools such as GitHub Copilot, Anthropic’s Claude, Google Gemini, or OpenAI Codex, processes issues and pull requests autonomously. However, when these workflows are granted a token with read access to multiple repositories, including private ones, the system becomes vulnerable to the GitLost technique.

The flaw arises from indirect prompt injection, where the AI agent fails to discern between authentic instructions and malicious ones embedded within issue content. In Noma’s demonstration, an issue masquerading as a legitimate request triggered the workflow, causing the agent to inadvertently disclose private repository information publicly.

Challenges of AI Vulnerabilities

Despite GitHub’s implementation of safeguards such as sandboxing, read-only tokens, input cleaning, and threat detection, Noma Security discovered that a subtle modification could bypass these defenses. By prefixing a malicious instruction with “Additionally,” the AI misinterpreted it as a legitimate follow-up task, thus breaching the established guardrails.

This vulnerability highlights a broader issue in AI systems: the difficulty in distinguishing between data and instructions. Current solutions focus on architectural adjustments rather than filtering malicious inputs, as language lacks the clear demarcation present in programming languages like SQL.

Addressing the Security Concerns

To mitigate this risk, organizations using GitHub’s workflows should limit the scope of access tokens, confining them to specific repositories rather than organizational-wide access. This approach minimizes the potential impact of a breach. Additionally, implementing human review processes for workflow outputs and restricting which external content the agent processes can further safeguard against unauthorized data exposure.

However, as Noma Security’s findings demonstrate, even robust defenses can be circumvented. Continuous vigilance and adaptive security measures are essential in countering such sophisticated threats. GitHub and other platforms must prioritize reinforcing their architectural defenses to prevent similar vulnerabilities from being exploited in the future.

In conclusion, while GitHub has advanced significantly in AI-driven workflow management, the GitLost vulnerability serves as a stark reminder of the inherent challenges in securing AI interactions. Organizations must remain proactive in refining their security protocols to safeguard sensitive data effectively.

The Hacker News Tags:AI, Cybersecurity, data leak, data protection, GitHub, GitHub Agentic Workflows, Noma Security, prompt injection, Security, software development

Post navigation

Previous Post: Microsoft Enhances AI Security with Execution Containers
Next Post: Tarah Wheeler’s Journey: From Social Science to Cybersecurity Leadership

Related Posts

WhatsApp Introduces Usernames for Enhanced Privacy WhatsApp Introduces Usernames for Enhanced Privacy The Hacker News
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks The Hacker News
Enhancing Cyber Resilience with EDR and MDR Solutions Enhancing Cyber Resilience with EDR and MDR Solutions The Hacker News
Notepad++ Hosting Compromise Linked to Chinese Hackers Notepad++ Hosting Compromise Linked to Chinese Hackers The Hacker News
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces The Hacker News
Linux Kernel Vulnerability Allows Root Access Exploit Linux Kernel Vulnerability Allows Root Access Exploit The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws
  • Microsoft Device Code Phishing Campaign Targets M365 Accounts

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws
  • Microsoft Device Code Phishing Campaign Targets M365 Accounts

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark