New Ghostcommit Attack Tricks AI Agents via PNG Images

Photo: BleepingComputer
Quick answer
Ghostcommit leverages hidden prompt injections in PNG images to deceive AI agents that review code, enabling secret data theft from repositories.
Cybersecurity researchers have demonstrated a new attack method targeting AI systems used for automated code analysis. Dubbed Ghostcommit, the technique involves embedding malicious instructions within PNG image files, which are then uploaded to repositories.
The attack exploits the fact that popular AI tools like CodeRabbit and Bugbot do not inspect the contents of image files. This allows attackers to bypass standard security mechanisms and inject commands that force AI agents to extract sensitive data from repositories. In testing, the attack successfully coerced the system into reading a .env file and converting its contents into a numeric format, which was then inserted into the code.
Experts warn that such vulnerabilities pose a significant threat to companies relying on automated code review tools. Open-source projects are particularly at risk, as security controls may be less stringent. To mitigate these attacks, organizations are advised to implement additional checks for all uploaded files, including images.
Common questions
- What is Ghostcommit?
- Ghostcommit is an attack method where malicious instructions are embedded in image files to trick AI-powered code review systems, potentially leading to confidential data leaks from repositories.
- Which AI tools are vulnerable to Ghostcommit?
- The vulnerability was demonstrated in tools like CodeRabbit and Bugbot, which fail to analyze image file contents, allowing attacks to go undetected.
- What data can be stolen using Ghostcommit?
- The attack can extract secrets from repositories, including .env files that often store passwords, access tokens, and other critical parameters.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml