GitHub's AI Agent Leaked Private Repos When Asked Nicely
An AI agent that leaked private GitHub repos to a stranger who simply asked nicely turns out to be a credential-scoping problem the whole industry needs to check for, plus two new papers show AI infrastructure teams rediscovering network engineering fundamentals for the second day running.
Welcome to Amaze Networks for Wednesday, July eighth. Remember Monday, when that paper on multi-agent poisoning made the case that AI agents inherit way too much standing trust? Today we've got the cleanest real-world proof of exactly that problem, and it happened to GitHub's own AI agent.
And it is almost funny how simple the exploit was. I want to get into it right away.
So this is called GitLost, from a security research shop called Noma Security, and it's about a feature called GitHub Agentic Workflows — basically an AI coding agent that GitHub can auto-assign to issues in your repos.
New episodes, every weekday.
Amaze Networks drops at 4 AM CT, Monday through Friday. Spotify and Apple Podcasts submissions in progress.