Security · 2h ago
GitHub AI agent leaks private repos on simple request
A security researcher found that GitHub's AI agent, GitLost, exposes private repository contents when asked politely. The bug requires no authentication bypass, just a natural language prompt. GitHub has not issued a fix or documentation for the vulnerability.
Meridian48 take
This highlights the overlooked security risks of AI coding assistants, where convenience trumps access controls.
githubai-agent