Skip to content
The Nexus
SECURITYJul 11 · 09:03 UTCBLEEPING COMPUTERAx Sharma

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

A technique called 'Ghostcommit' uses images to hide prompt injections, bypassing AI code reviewers like CodeRabbit and Bugbot. It exploits coding agents to extract secrets from a repo's .env file and encode them as numbers in code.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting