New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents

A novel supply chain attack called “Ghostcommit” that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as .env files. The ASSET Research Group demonstrated that a pull request containing an explicit, plain-text instruction to exfiltrate a repository’s .env file is caught immediately by LLM-based […]

The post New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: