CuraSec

Plan active

Ghostcommit: image-hidden prompt injection fools AI code review agents

2026-07-11 11:49 UTC · BleepingComputer · read the source ↗ #prompt-injection#ai-agents#supply-chain
  • Engineer — Plan: Research-grade but practical: any AI coding agent with access to .env or secrets files is a potential exfiltration path via a malicious image in a PR. Audit what filesystem scope your AI code-review agents hold, and restrict or deny access to credential files and secret stores.
  • SOC/IR — Learn: Novel TTP — prompt injection embedded in images bypasses AI reviewers that never inspect image content, then coerces coding agents into exfiltrating secrets. No active exploitation or IOCs reported; file for future detection work around anomalous AI-agent file reads.
  • Leader — Plan: Demonstrates that AI coding-agent tools carry unchecked secret-exfiltration risk through a non-obvious vector. Before broader AI agent adoption, establish a policy governing what repository paths and credentials these tools may access, and confirm existing vendor tools have equivalent controls.
This entry was curated and judged by AI (Claude) with automated enrichment (CISA KEV / EPSS / public PoC). Verify against the original source before acting. Found a bad verdict? Report it — confirmed errors go to the corrections log.