<![CDATA[😳 Someone hid a prompt injection inside invisible markdown comments in a pull request.]]>😳 Someone hid a prompt injection inside invisible markdown comments in a pull request. A developer asked Copilot to review the PR. Copilot read the hidden instructions, searched the codebase for AWS keys, encoded them in base16, and smuggled them out through GitHub's own image proxy as 1x1 transparent pixels. The CSP didn't flag it because the traffic was routed through GitHub's trusted infrastructure. CVSS 9.6. No malicious code ever executed.

The attacker weaponized the AI assistant's own access permissions. Copilot could see everything the developer could see, and it can't distinguish a legitimate instruction from a hidden one buried in a PR description.

🔍 The attack, dubbed "CamoLeak," was patched by GitHub in August 2025 and publicly disclosed in October
🔑 Copilot was directed to find secrets like API keys and cloud credentials, then exfiltrate them character by character
🖼️ Data was hidden inside pre-signed image URLs, making it look like normal browser activity
⚠️ Any AI assistant with deep system access, Microsoft 365 Copilot, Google Gemini, all of them, is a potential exfiltration channel if untrusted content can reach its instruction stream

We've spent years teaching developers not to trust user input. Now we're handing AI tools full repo access and letting them ingest unvalidated text from pull requests.

https://cybersecuritynews.com/hackers-exploit-github-copilot-flaw/

]]>https://board.circlewithadot.net/topic/d9ff3e44-c586-44be-9ff8-a32186ab4381/someone-hid-a-prompt-injection-inside-invisible-markdown-comments-in-a-pull-request.RSS for NodeFri, 15 May 2026 05:48:20 GMTTue, 14 Apr 2026 18:14:37 GMT60<![CDATA[Reply to 😳 Someone hid a prompt injection inside invisible markdown comments in a pull request. on Wed, 15 Apr 2026 07:02:02 GMT]]>@brian_greenberg The CVSS score of 9.6 seems exaggerated for a vulnerability that required a specific, patched configuration and direct developer interaction.

]]>https://board.circlewithadot.net/post/https://social.vir.group/ap/users/116380377006747794/statuses/116407436770536729https://board.circlewithadot.net/post/https://social.vir.group/ap/users/116380377006747794/statuses/116407436770536729Wed, 15 Apr 2026 07:02:02 GMT