A security flaw in GitHub’s months-old GitHub Agentic Workflows allows attackers to use an indirect prompt injection to trick the AI agent into grabbing information from a private repository and quietly posting it in a public repository belonging to the same organization. The vulnerability, dubbed “GitLost” by Noma Security researchers, is only the latest example for developers and security teams of the risks that come with AI agents and how vulnerable they are to deceptive tactics by threat actors that often – as in this case – don’t need coding skills, access, or stolen credentials to run such campaigns. This is different from a classic prompt injection, according to Sasi Levi, security research lead with Noma. Those earlier prompt injection examples were primarily about manipulating what an agent said, similar to jailbreaking a chatbot’s output. In contrast, GitLost is about manipulating what an agent does with its permissions. “The agent here isn’t just a chat window; it...
Artificial Intelligence is pushing DevSecOps into a new phase where security is no longer just about detecting vulnerabilities, but increasingly about resolving them automatically within the flow of software delivery. As many organizations are discovering, DevSecOps historically gave teams visibility into risk. AI is now turning that visibility into automated remediation. This evolution has taken place across four phases. From Discovery to Action One of the most significant shifts is that security tooling no longer stops at identifying problems. AI systems can detect an issue, recommend a fix, open a ticket, update code, or prepare a pull request for human approval. Traditional DevSecOps created strong visibility into vulnerabilities, but often lacked mechanisms to ensure remediation happened quickly and consistently. AI is helping close that gap between insight and action. In many environments, when a vulnerable library or dependency is detected, AI systems can automatically test s...