cd /news/ai-safety/noma-reveals-gitlost-flaw-leaking-pr… · home topics ai-safety article
[ARTICLE · art-50694] src=letsdatascience.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

Noma Reveals GitLost Flaw Leaking Private Repositories

Noma Labs disclosed a vulnerability called GitLost that exploits GitHub Agentic Workflows via indirect prompt injection, allowing an AI agent to read private repositories and post contents as public issue comments. The attack requires no stolen credentials and only a public GitHub Issue, raising concerns about AI agent security in CI/CD pipelines.

read1 min views1 publishedJul 8, 2026

Agentic automation that pairs credentialed CI/CD tokens with freeform natural-language input creates a new, practical exfiltration surface. Noma Labs disclosed a vulnerability dubbed "GitLost" that uses an indirect prompt injection to make a GitHub AI agent read from private repositories and publish the results as a public issue comment, according to Noma's blog post and coverage by The Register and DarkReading. The flaw targets GitHub Agentic Workflows, which let an AI agent operate inside workflows using tools and tokens; Noma's proof of concept required only creating a public GitHub Issue, the researchers say. Reporting also notes the exploit needs no stolen credentials and that Noma published proofs and indicators; The Register reported GitHub had not yet added guidance or documentation.

── more in #ai-safety 4 stories · sorted by recency
── more on @noma labs 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/noma-reveals-gitlost…] indexed:0 read:1min 2026-07-08 ·