Noma Security's GitLost research shows that a public GitHub issue can trick GitHub Agentic Workflows into exfiltrating private repository contents. The attack requires no credentials — just a crafted issue on any public repo the agent can see.
Noma Security's GitLost research shows that a public GitHub issue can trick GitHub Agentic Workflows into exfiltrating private repository contents. The attack requires no credentials — just a crafted issue on any public repo the agent can see.
Research confirms that text embeddings stored in vector databases are not safely anonymised. Inversion attacks can reconstruct source text with high fidelity from embeddings alone, including those produced by commercial APIs.
Johann Rehberger's DEF CON Singapore research demonstrates how indirect prompt injection chains into Microsoft Copilot's memory feature to plant a persistent backdoor — one that survives across every future session, not just the compromised one.
Varonis Threat Labs chained three bugs in Microsoft 365 Copilot Enterprise Search to build a one-click exfiltration path that pulls emails, files, and live MFA codes without any OAuth prompt or user consent beyond clicking a Microsoft-domain URL.
A UK law firm's misconfigured AI document assistant was exploited to systematically extract privileged client communications and M&A due diligence files over six weeks.