‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets

‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
Researchers demonstrated Ghostcommit, a pull-request attack that hides malicious instructions inside a PNG so AI code reviewers miss it and later leak repository secrets from .env files. The attack exploited review blind spots in tools like Cursor and Bugbot, while the researchers also released a multimodal defense to inspect images, conventions, and agent behavior. #Ghostcommit #Cursor #ClaudeSonnet #CodeRabbit #Bugbot #ASSETResearchGroup

Keypoints

  • Ghostcommit hides exfiltration instructions inside a PNG image.
  • AI code reviewers often skip image files and miss the attack.
  • A merged AGENTS.md file later triggers the coding agent to read .env.
  • The agent encodes secret values into numbers and writes them into code.
  • The researchers built a multimodal defender to inspect code, text, and images.

Read More: https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/