HN AI
GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos
agentictool-use
What happened
Explores a security vulnerability ('GitLost') where researchers successfully tricked GitHub's AI agent into leaking private repositories, raising questions about agent identity, access control, and IAM (Identity and Access Management) for LLM agents.
Why it matters
Demonstrates that agentic tool-use without strict, isolated IAM boundaries can easily lead to critical data exfiltration.
The take
As we give agents access to write code and read private repos, IAM for agents becomes as critical as IAM for human developers. Sandboxing and strict scoping of agent tokens are non-negotiable.
Do this
Review the permissions and access tokens granted to any third-party coding or repository-level AI agents in your organization.
Don't read this site daily. Get it in your inbox.
The daily brief and Sunday deep dive — distilled, scored, and opinionated. For builders only.