A novel supply chain attack called “Ghostcommit” that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as .env files. The ASSET Research Group demonstrated that a pull request containing an explicit, plain-text instruction to exfiltrate a...
Read the full article at the source.
Comments (0)
No comments yet. Be the first to comment!