WARPTECHNEWS · LAB
HomeAIBusinessTechArchive
WARPTECH LAB NEWS

Warptech Lab News aggrega le notizie più rilevanti da oltre 700 fonti internazionali, con classificazione AI, TL;DR sintetici e timeline cluster su singole storie.

Navigazione

  • Home
  • Archivio
  • Editor's Brief
  • Cerca
  • Il tuo account
  • Newsletter tech/AI

Informazioni legali

  • Privacy Policy
  • Termini di servizio
  • Cookie Policy

© 2026 Sparktech S.R.L. — Tutti i diritti riservati. Sito gestito e manutenuto da Sparktech S.R.L.

Sede legale: Corso Libertà 55, 13100 Vercelli (VC), Italia · P.IVA / C.F. 02835910023 · Contatti: admin@warptechlab.com

Home
Storia in 4 fonti

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list of numbers.

Raccontata dathenextweb.comthehackernews.combleepingcomputer.comdev.to

Confronto fonti

4 prospettive sulla stessa storia
AI · summaries
bleepingcomputer.comStai leggendo6 g fa

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all,…

originale
dev.to4 g fa

GhostCommit: the exploit your AI code reviewer can't see

A new attack technique called GhostCommit just made AI-assisted code review look like a liability....

Leggi questa versione → originale
thenextweb.com9 g fa

GitLost: GitHub's AI agent leaks private repos when asked

Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.

Leggi questa versione → originale
thehackernews.com8 g fa

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign paths.

Leggi questa versione → originale

Timeline cronologica

  1. mercoledì 8 luglio 2026·thenextweb.com

    GitLost: GitHub's AI agent leaks private repos when asked

    Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.

  2. giovedì 9 luglio 2026·thehackernews.com

    GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

    Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign paths.

  3. sabato 11 luglio 2026·bleepingcomputer.com

    'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

    A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and…

  4. lunedì 13 luglio 2026·dev.to

    GhostCommit: the exploit your AI code reviewer can't see

    A new attack technique called GhostCommit just made AI-assisted code review look like a liability....