Military & Security

‘GitLost’ vulnerability let GitHub’s AI workflows leak private repositories

· July 7, 2026
‘GitLost’ vulnerability let GitHub’s AI workflows leak private repositories

What happened

Researchers at AI security firm Noma Security disclosed a critical vulnerability named GitLost affecting GitHub’s Agentic Workflows feature. The flaw allowed unauthenticated attackers to extract data from private repositories by posting a specially crafted issue in a public repository. This prompt injection issue essentially tricked GitHub’s workflow automation, exposing sensitive code even when direct repository access was locked down.

The risk

The vulnerability bypassed expected security boundaries between public and private repositories. It allowed attackers to abuse GitHub’s AI-enabled automation to execute commands or queries that should have been isolated, leading to unintended data leaks. Since only posting an issue on a public repo was required, the attack surface was wide and low effort, making the risk severe for developers relying on GitHub’s AI workflows in sensitive projects.

Why it matters

GitHub’s expanding role in AI-powered developer tools means security flaws like GitLost erode trust and heighten risk for organizations using its platform. Private repositories often house proprietary code or confidential projects that businesses depend on for competitive advantage and compliance. This bug pressures enterprises to reassess how much they can rely on automated AI agents without tighter restrictions or additional safeguards. It also raises red flags about prompt injection as a new attack vector in AI workflow automation.

Who should pay attention

Developers and security teams using GitHub’s Agentic Workflows need to review their workflow setups to minimize exposure until patches are applied. Organizations that rely on private codebases for product development or IP protection must consider the risks of automated AI agents processing user-generated input from public sources. Security professionals should track similar vulnerabilities as AI tools become more integrated into code management and CI/CD pipelines.

What to watch next

Watch for GitHub’s official response, including patches, mitigations, or new security controls on its AI workflows. Further disclosures around prompt injection vulnerabilities in developer tooling could force stronger boundary enforcement between AI automation and sensitive data. This incident may accelerate demand for better security frameworks around AI agents handling code and user inputs. Builders and operators will want clear guidelines on safely integrating AI into development processes.

AI Quick Briefs Editorial Desk

Stay ahead of AI Get the most important AI news delivered to your inbox — free.