Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Briefly

"The researchers found that AI agents associated with these tools on GitHub Actions can be hijacked using specially crafted GitHub comments, including PR titles, comments, and issue bodies."
"In the case of Claude Code Security Review, the researchers showed how an attacker could use a specially crafted PR title to trick the AI agent into executing arbitrary commands, extracting credentials, and revealing them as a security finding."
"The Comment and Control attack can pose a serious threat, as the attacker's malicious prompt is automatically triggered by GitHub Actions workflows, without any action from the victim."
The 'Comment and Control' attack targets GitHub Actions workflows that run AI code-review agents such as Claude Code (including the Claude Code Security Review action), Gemini CLI and GitHub Copilot agents. Because the workflow hands attacker-supplied text (PR titles, issue bodies, comments) to the agent as part of its prompt, an outside contributor can embed instructions that the agent then follows with the privileges of the job: running arbitrary commands on the runner, reading credentials available to the workflow, and in the demonstrated case reporting the extracted secrets back as a "security finding". The risk is heightened because the malicious prompt fires automatically when the workflow runs on the triggering event, so the victim does not have to do anything.
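As an added example, not code from the article or from any of the named vendors: a small Python linter that scans a workflow file as plain text for the attacker-controlled event fields GitHub lists in its Actions hardening guidance, and checks whether the workflow also fires on a trigger that runs with the base repository's secrets. The two embedded workflows are constructed samples; `example/ai-review-action` and its `prompt`, `context` and `pr_number` inputs are placeholders, not a real action.

```python
"""Flag GitHub Actions workflows that hand attacker-controlled event text to a step.

Added example (not from the SecurityWeek article or any vendor). It treats the
workflow YAML as text, so it needs no PyYAML, and reports two signals: which
${{ }} expressions read outsider-controlled context, and whether the workflow
is triggered by an event that runs with the base repo's secrets.
"""
import re

# Event-payload fields an outside contributor can set freely. Taken from
# GitHub's "Security hardening for GitHub Actions" guidance.
UNTRUSTED_FIELDS = (
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.review_comment.body",
    "github.event.pages.*.page_name",
    "github.event.commits.*.message",
    "github.event.head_commit.message",
    "github.event.head_commit.author.email",
    "github.event.head_commit.author.name",
    "github.event.commits.*.author.email",
    "github.event.commits.*.author.name",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.pull_request.head.repo.default_branch",
    "github.head_ref",
)

# Triggers that fire on events an outsider can raise yet run in the base
# repository's context, with its secrets and a privileged GITHUB_TOKEN.
PRIVILEGED_TRIGGERS = frozenset({
    "pull_request_target", "issue_comment", "issues",
    "discussion", "discussion_comment", "workflow_run",
})

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")


def _field_regex(field):
    # A '*' in a context path stands for any single path segment.
    body = re.escape(field).replace(r"\*", r"[^.\s]+")
    return re.compile(r"(?<![\w.])" + body + r"(?!\w)")


UNTRUSTED_RES = [(f, _field_regex(f)) for f in UNTRUSTED_FIELDS]


def find_untrusted_expressions(workflow_text):
    """Return [(line_no, expression, field)] for every ${{ }} that reads an
    attacker-controlled context, whatever step key it sits under."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        for expr in EXPR_RE.findall(line):
            for field, rx in UNTRUSTED_RES:
                if rx.search(expr):
                    findings.append((line_no, expr, field))
    return findings


def workflow_triggers(workflow_text):
    """Event names under the top-level 'on:' key (inline scalar/list or block form)."""
    lines = workflow_text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*?)\s*$", line)
        if not m:
            continue
        inline = m.group(1)
        if inline:  # on: pull_request   or   on: [a, b]
            return {t.strip() for t in inline.strip("[]").split(",") if t.strip()}
        events, indent = set(), None  # block form: keys or list items one level in
        for nxt in lines[i + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            cur = len(nxt) - len(nxt.lstrip())
            if cur == 0:
                break
            indent = cur if indent is None else indent
            if cur == indent:
                events.add(nxt.strip().lstrip("- ").split(":")[0].strip())
        return events
    return set()


def assess(workflow_text):
    """'high': outsider text reaches a step AND the job runs with repo secrets;
    'medium': outsider text reaches a step under a trigger that gives fork PRs a
    read-only token; 'ok': no attacker-controlled expression found."""
    findings = find_untrusted_expressions(workflow_text)
    if findings and workflow_triggers(workflow_text) & PRIVILEGED_TRIGGERS:
        return "high"
    return "medium" if findings else "ok"


# Constructed sample of the shape the article describes: the PR title and a
# comment body are spliced straight into the agent's prompt, under triggers
# that expose the repository's secrets to the job.
VULNERABLE_WORKFLOW = """\
name: ai-review
on:
  pull_request_target:
    types: [opened, synchronize]
  issue_comment:
    types: [created]
permissions:
  contents: read
  pull-requests: write
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Ask the agent to review (placeholder action)
        uses: example/ai-review-action@v1
        with:
          prompt: "Review this PR. Title: ${{ github.event.pull_request.title }}"
          context: ${{ github.event.comment.body }}
        env:
          AI_API_KEY: ${{ secrets.AI_API_KEY }}
"""

# Constructed hardened sample: plain pull_request trigger, read-only token,
# job gated on a trusted author association, and no free-text field in the
# agent's inputs (it is handed only the PR number and reads the diff itself).
HARDENED_WORKFLOW = """\
name: ai-review
on: [pull_request]
permissions:
  contents: read
jobs:
  review:
    runs-on: ubuntu-latest
    if: contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.pull_request.author_association)
    steps:
      - uses: actions/checkout@v4
      - name: Ask the agent to review the diff only (placeholder action)
        uses: example/ai-review-action@v1
        with:
          pr_number: ${{ github.event.pull_request.number }}
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(label, assess(wf), workflow_triggers(wf))
        for line_no, expr, field in find_untrusted_expressions(wf):
            print(f"  line {line_no}: ${{{{ {expr} }}}}  <- {field}")
```

The linter only sees text that the workflow itself interpolates. An agent that fetches the PR body or comments through the API on its own will still read attacker text, which no expression scan can reveal; for that case the controls are the ones the hardened sample shows at the trigger and permission level: no `pull_request_target` or `issue_comment` for untrusted authors, a read-only token, and no secrets in the job's environment.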
Read at SecurityWeek