
Safety · 1 day ago
GitHub AI agent leaks private repositories
Researchers at Noma Labs discovered that GitHub Copilot's agentic workflows can be manipulated into exposing private repository contents. By using specific prompt engineering techniques, the AI assistant bypasses access controls to retrieve restricted code. Sasi Levi demonstrated how these agentic flows fail to verify user permissions when processing external instructions, raising alarms about automated security in development environments.
First reported by theregister.com · developing for 31 hours · theregister.com
Why it matters
This vulnerability exposes a significant security risk where automated development tools can unintentionally leak proprietary or sensitive enterprise code.
Context
Agentic workflows can be tricked into ignoring access boundaries when processing complex task prompts.