Breaking 19:38 Trump suggests possible Syrian role against Hezbollah, drawing criticism of Israel’s strategy 19:00 UN human rights chief warns renewed U.S.-Iran conflict threatens regional stability 18:39 Pentagon faces higher projected costs for military operations involving Iran 18:30 Chipotle opens first restaurant in Mexico as U.S. burrito chain expands internationally 18:18 Startup plans first space mirror to deliver sunlight on demand, raising scientific concerns 16:05 Google unveils major update to Google Images after 25 years 16:00 U.S. House Republicans unveil $95 billion spending blueprint for defense, election and agriculture priorities 14:59 Morocco formalizes participation in international stabilization force for Gaza 14:32 World Cup 2026 final to feature extended halftime show with global music stars 14:30 Progressive posts higher quarterly profit as auto insurance demand remains strong 13:45 U.S. cyber espionage case shines spotlight on former Kaspersky employee accused of hacking 13:41 Roscosmos and Nasa agree to extend International Space Station operations through 2030 13:05 Poll finds majority of Americans oppose military action against Iran 12:45 E. Jean Carroll receives $5.62 million following civil judgment against Donald Trump 12:16 Google AI chief calls for independent regulator to test advanced artificial intelligence systems 12:00 China rejects US sanctions plan targeting buyers of Russian oil 12:00 Historic heat wave puts nearly 100 million people under alerts across the United States 11:25 US freezes over $130 million in cryptocurrency linked to Iran 10:16 Democratic lawmakers criticize US policy toward Cuba after congressional visit 10:02 ASML includes Terafab demand in chip equipment expansion plans for 2027 and 2028 10:00 Iran–US tensions escalate as Strait of Hormuz security raises global trade concerns 09:31 Oscar-winning actress Ellen Burstyn to receive Venice Film Festival Golden Lion for lifetime achievement 09:30 Family of detained US seismologist urges China to release scientist held on espionage charges

Researchers hijack ai agents via github prompt injection attacks

Thursday 16 April 2026 - 09:20
By: Dakir Madiha
Researchers hijack ai agents via github prompt injection attacks

Security researchers have demonstrated how artificial intelligence agents from Anthropic, Google and Microsoft can be compromised through prompt injection attacks hidden in GitHub workflows. The technique allowed attackers to extract API keys, GitHub tokens and other sensitive data without direct system access, raising concerns about the security of AI driven development tools.

The research was conducted at Johns Hopkins University, where Aonan Guan and colleagues identified a vulnerability in AI agents integrated into software development pipelines. These agents analyze pull requests and issues on GitHub. By embedding malicious instructions in pull request titles or issue comments, attackers could manipulate the agents into revealing confidential information during automated reviews.

The attack relies on how these systems process context. AI agents treat user generated text such as titles, comments and issue descriptions as trusted input. Guan showed that carefully crafted prompts can override built in safeguards. In one case, the Claude based security review tool processed a malicious title and exposed sensitive credentials in its automated response. The researcher described the method as “comment and control,” since the full attack cycle occurs داخل GitHub without external infrastructure.

The same approach proved effective against multiple systems. Google’s Gemini CLI agent was tricked into exposing its API key by disguising malicious instructions as trusted content. Microsoft’s GitHub Copilot agent was manipulated using hidden HTML comments embedded in Markdown, invisible to users but readable by the AI system. This method bypassed multiple layers of runtime protection.

Despite the severity, responses from the affected companies remained limited. Anthropic issued a small bug bounty and added a documentation warning. Google and Microsoft also paid rewards through their vulnerability programs. None of the companies released formal security advisories or assigned CVE identifiers, leaving many users unaware of potential exposure, especially those running outdated versions.

The findings highlight broader structural risks in AI agent ecosystems. A separate analysis by OX Security identified a critical flaw in Anthropic’s Model Context Protocol, which connects AI agents to external tools. The vulnerability could enable arbitrary command execution on affected servers, impacting widely used software components.

These incidents build on earlier research by Aikido Security, which showed that prompt injection attacks can compromise AI systems embedded in CI CD pipelines. This class of vulnerabilities, sometimes referred to as “PromptPwnd,” demonstrates that AI agents can be manipulated in ways similar to phishing attacks, but targeting machines instead of users.


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.