Security · 2h ago
GitLost Attack Shows Agentic Workflows Leak Data via Prompt Injection
A researcher demonstrated that a single word change in a public GitHub issue can trick an AI agent into leaking private repo data, exploiting standing cross-repo permissions. The attack, called GitLost, is a classic confused-deputy problem amplified by LLM agents that cannot distinguish user instructions from untrusted content. The real issue is architectural: agents with blanket read access triggered by public input, not a novel hacking technique.
Meridian48 take
The industry is framing this as a patched vulnerability, but the deeper problem is an authorization model never designed for autonomous, instructable agents — no prompt filter can fix that.
Read the full reporting
GitLost Is a Preview of Every Agentic Workflow Breach You'll See This Year →
DEV Community
agentic-workflowsprompt-injection