{"id":14236,"date":"2026-07-11T10:04:02","date_gmt":"2026-07-11T10:04:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/11\/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets\/"},"modified":"2026-07-11T10:04:02","modified_gmt":"2026-07-11T10:04:02","slug":"ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/11\/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets\/","title":{"rendered":"&#8216;Ghostcommit&#8217; hides prompt injection in images to fool AI agents, steal secrets"},"content":{"rendered":"\n<div>&#8216;Ghostcommit&#8217; hides prompt injection in images to fool AI agents, steal secrets<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>A PNG hiding a prompt injection could steal your repo&#8217;s secrets, researchers demonstrate. The technique, dubbed &#8216;Ghostcommit,&#8217; slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo&#8217;s .env and write every secret into the code as a list of numbers. [&#8230;]<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Ax Sharma<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets\/\">Go to bleepingcomputer<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8216;Ghostcommit&#8217; hides prompt injection in images to fool AI agents, steal secrets A PNG hiding a prompt injection could steal your repo&#8217;s secrets, researchers demonstrate. The technique, dubbed &#8216;Ghostcommit,&#8217; slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo&#8217;s .env and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[64,133],"tags":[80],"class_list":["post-14236","post","type-post","status-publish","format-standard","hentry","category-bleepingcomputer","category-security","tag-bleepingcomputer"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14236"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14236"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14236\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}