The great thing about AI agents is that they'll faithfully execute just about anything you ask them to do, which also happens to be the worst thing about them.

Noma Security shared details Monday on how it tricked GitHub Agentic Workflows into sharing data from a private repository using a prompt-injection attack that defeated the agent's guardrails. "In this specific case, any malicious actor can create a GitHub Issue and, in the issue body, hide commands in plain English that GitHub’s agent will follow," wrote Sasi Levi, security research lead at the company, in a blog post.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in