GitHub's AI Agentic Workflows: Security Experiment
We manipulated GitHub's AI workflows to expose private repositories. Yes, you read that right. When GitHub launched its Agentic Workflows, which pairs its automation system with AI agents like Claude and GitHub Copilot, the first thing that popped into my head was a simple but crucial question: what happens when the AI stumbles upon something it shouldn't trust? Turns out, the answer reveals a vulnerability that’s as concerning as it is fascinating. As researchers with a background in security development, we dove into the implications of this new feature. What we found was a prompt injection vulnerability that allows an unauthenticated attacker to siphon off data from private repositories—just by crafting a GitHub Issue in a public repo within the same organization. It’s a textbook case of how powerful tools can be misused, raising serious questions about the safeguards we often take for granted. If GitHub’s AI can be tricked into revealing sensitive information, what ...