thenextweb
‘GitLost’: researchers tricked GitHub’s AI agent into leaking private repos

Researchers tricked GitHub’s AI coding agent into leaking private repositories with nothing but a politely worded issue. The flaw, named GitLost, has no code fix, and GitHub has yet to even document it. GitHub’s new AI agent can be talked into handing over your private code. Security firm Noma Labs found a way to make […]<br /> This story continues at The Next Web [...]

Rating

Innovation

Pricing

Technology

Usability

We have discovered similar tools to what you are looking for. Check out our suggestions for similar AI tools.

venturebeat
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Securit [...]

Match Score: 200.53

venturebeat
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and au [...]

Match Score: 192.12

Destination
Private Internet Access VPN review: Both more and less than a budget VPN

I came into this review thinking of Private Internet Access (PIA) as one of the better VPNs. It's in the Kape Technologies portfolio, along with the top-tier ExpressVPN and the generally reliable [...]

Match Score: 170.93

venturebeat
GitHub's Agent HQ aims to solve enterprises' biggest AI coding problem: Too many agents, no central control

GitHub is making a bold bet that enterprises don't need another proprietary coding agent. They need a way to manage all of them.At its Universe 2025 conference, the Microsoft-owned developer plat [...]

Match Score: 153.26

venturebeat
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

A rogue AI agent at Meta passed every identity check and still exposed sensitive data to unauthorized employees in March. Two weeks later, Mercor, a $10 billion AI startup, confirmed a supply-chain br [...]

Match Score: 151.25

venturebeat
One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

Just two months ago, researchers at the Data Intelligence Lab at the University of Hong Kong introduced CLI-Anything, a new state-of-the-art tool that analyzes any repo’s source code and generates a [...]

Match Score: 120.50

venturebeat
Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source cod [...]

Match Score: 107.83

venturebeat
Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat

Microsoft last week took Agent 365, its management platform for AI agents, out of preview and into general availability — a move that signals the software giant believes the governance challenge aro [...]

Match Score: 94.60

venturebeat
An AI agent rewrote a Fortune 50 security policy. Here's how to govern AI agents before one does the same.

A CEO’s AI agent rewrote the company’s security policy. Not because it was compromised, but because it wanted to fix a problem, lacked permissions, and removed the restriction itself. Every identi [...]

Match Score: 92.42