Breaking 19:15 Trump announces renewed maritime blockade against Iran amid Strait of Hormuz tensions 19:00 NASA seeks four volunteers for year-long Mars mission simulation 17:30 States challenge Paramount’s $110 billion Warner Bros. Discovery takeover in major antitrust lawsuit 17:15 Bosch launches sample production at first U.S. semiconductor plant to strengthen domestic chip supply 14:30 Williams secures $5.3 billion investment from Blackstone-led consortium for power projects 13:45 Iraqi Prime Minister Ali al-Zaidi seeks major US energy investment during Washington visit 12:31 Jay-Z concert delayed in New York after ticketless fans disrupt Yankee Stadium event 12:00 Wall Street banks accelerate AI assistant adoption in race for productivity gains 11:47 US Military Reveals First Combat Use of New Unmanned Weapons in Strikes on Iran 11:30 US Ebola patient infected in Congo transferred to specialized hospital in Germany 10:56 Morrisons explores £600 million property deal with US investor Realty Income, Sky News reports 10:41 US dollar gains as Middle East tensions fuel inflation concerns 09:00 UN chief urges US and Iran to end renewed hostilities and resume diplomacy 08:35 U.S. military says Strait of Hormuz remains open despite rising tensions with Iran 08:30 France’s World Cup journey links Boston and Dallas, two cities tied to John F. Kennedy’s legacy 08:18 Support grows in U.S. Congress for bill seeking terrorist designation of Polisario Front 07:31 Stellantis reports 10% rise in second-quarter vehicle shipments driven by North American demand

Researchers hijack ai agents via github prompt injection attacks

Thursday 16 April 2026 - 09:20
By: Dakir Madiha
Researchers hijack ai agents via github prompt injection attacks

Security researchers have demonstrated how artificial intelligence agents from Anthropic, Google and Microsoft can be compromised through prompt injection attacks hidden in GitHub workflows. The technique allowed attackers to extract API keys, GitHub tokens and other sensitive data without direct system access, raising concerns about the security of AI driven development tools.

The research was conducted at Johns Hopkins University, where Aonan Guan and colleagues identified a vulnerability in AI agents integrated into software development pipelines. These agents analyze pull requests and issues on GitHub. By embedding malicious instructions in pull request titles or issue comments, attackers could manipulate the agents into revealing confidential information during automated reviews.

The attack relies on how these systems process context. AI agents treat user generated text such as titles, comments and issue descriptions as trusted input. Guan showed that carefully crafted prompts can override built in safeguards. In one case, the Claude based security review tool processed a malicious title and exposed sensitive credentials in its automated response. The researcher described the method as “comment and control,” since the full attack cycle occurs داخل GitHub without external infrastructure.

The same approach proved effective against multiple systems. Google’s Gemini CLI agent was tricked into exposing its API key by disguising malicious instructions as trusted content. Microsoft’s GitHub Copilot agent was manipulated using hidden HTML comments embedded in Markdown, invisible to users but readable by the AI system. This method bypassed multiple layers of runtime protection.

Despite the severity, responses from the affected companies remained limited. Anthropic issued a small bug bounty and added a documentation warning. Google and Microsoft also paid rewards through their vulnerability programs. None of the companies released formal security advisories or assigned CVE identifiers, leaving many users unaware of potential exposure, especially those running outdated versions.

The findings highlight broader structural risks in AI agent ecosystems. A separate analysis by OX Security identified a critical flaw in Anthropic’s Model Context Protocol, which connects AI agents to external tools. The vulnerability could enable arbitrary command execution on affected servers, impacting widely used software components.

These incidents build on earlier research by Aikido Security, which showed that prompt injection attacks can compromise AI systems embedded in CI CD pipelines. This class of vulnerabilities, sometimes referred to as “PromptPwnd,” demonstrates that AI agents can be manipulated in ways similar to phishing attacks, but targeting machines instead of users.


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.