Open Source · Apr 15

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive

Exclusive: Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn't disclose the problem.…

Covered by 1 source
