On July 6, 2026, Noma Labs disclosed GitLost, a critical prompt injection vulnerability in GitHub’s new Agentic Workflows feature. The attack allows an unauthenticated attacker to silently exfiltrate data from private repositories — simply by posting a crafted GitHub Issue in a public repository belonging to the same organization.
At 445 points on Hacker News and climbing, this is one of the most significant AI security stories of the month. Here is what happened, how it works, and what it means for anyone running AI agents on their code.