Attackers are embedding hidden prompt injection commands in images to trick AI code review agents into extracting and exposing sensitive repository secrets like API keys and credentials. Your organization should be cautious about allowing AI agents to pro
Read the full article: https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/