Prompt injection hidden in images bypasses AI code reviewers
Researchers demonstrate 'Ghostcommit' attack: a PNG file containing invisible instructions that tricks AI agents into leaking repository secrets.
Security researchers have demonstrated a novel attack vector against AI-powered code review tools. The technique, named Ghostcommit, embeds malicious prompt injection instructions inside image files uploaded to code repositories.
The attack exploits a gap in how AI agents process repository contents. Popular AI code reviewers—including CodeRabbit and Bugbot—do not open or analyze image files during their review process. When a subsequent AI coding agent accesses the repository, it reads the hidden prompt and executes the attacker's instructions. In the researchers' proof-of-concept, the compromised agent extracted credentials from the repository's .env file and wrote them into the codebase as a list of numbers.
The vulnerability stems from the expanding role of autonomous AI agents in software development workflows. These agents often have broad repository access and the authority to read sensitive configuration files, create commits, and modify code. Ghostcommit demonstrates that trust boundaries designed for human reviewers do not translate cleanly to AI systems that process different file types at different stages of the development pipeline.
- 01Development teams using AI code assistants face credential exposure through image uploads
- 02AI security tooling must expand file-type coverage to match agent capabilities
- 03Organizations need audit trails showing which agents accessed sensitive repository contents
Windows zero-day grants admin access on patched systems
Researcher releases LegacyHive exploit enabling privilege escalation on current Windows versions, no patch available.
Ransomware attack halts Coca-Cola's Fairlife dairy production nationwide
Coca-Cola disclosed that a cyberattack on its Fairlife subsidiary has suspended all US production of the premium dairy brand.
Security firm automates zero-day discovery using AI code analysis
Intruder's vulnerability vending machine combines code slicing with large language models to find exploitable flaws without human analysts.