SMRTR ProgrammingJul 8, 2026Daily.dev

GitLost: GitHub's AI agent leaks private repos when asked

SMRTR summary

Security firm Noma Labs found a way to trick GitHub's AI Agentic Workflows into leaking private repository contents by hiding plain-English commands inside a public issue — no credentials or code needed. A single word, 'Additionally,' bypassed GitHub's guardrails, causing the agent to paste private README contents into a public comment. GitHub has no fix and hasn't even documented the risk.

SMRTR provides this summary for quick context. The original article belongs to Daily.dev.

Read the original article
SMRTR Programming

Get the next batch of curated summaries in your inbox.

This archive is built from SMRTR newsletter summaries. Subscribe for hand-picked stories without the extra noise.