Security researchers demonstrated a prompt injection technique that manipulated GitHub’s AI coding agent into exposing contents of private repositories it had access to. The attack, dubbed ‘GitLost,’ exploits the way AI agents process and act on instructions embedded in untrusted content. The findings raise concerns about the security boundaries of AI agents operating with access to sensitive data.