Majid Ghorbaninazhad

GitLost: When GitHub's AI Gets Fooled by a Single Word

When GitHub publicly launched GitHub Agentic Workflows in February 2026, the promise was compelling: developers would no longer need to write complex automation scripts. However, the discovery of the GitLost vulnerability proves how dangerous unchecked AI agents can be when handling sensitive code.

The Security Discovery That Shook GitHub When GitHub publicly launched GitHub Agentic Workflows in February 2026, the promise was compelling: developers would no longer need to write complex automation

scripts. Instead, they could simply write instructions in plain English within a Markdown file, and an AI agent (powered by Claude or GitHub Copilot) would handle everything. This agent could read Issues,

invoke various tools, and even respond automatically. But Sasi Levi, a security researcher at Noma Labs, immediately asked the critical question: What happens when this AI agent reads something it shouldn't

trust? The answer to that question led to the discovery of the GitLost vulnerability, which has become one of the most significant security concerns in the Agentic AI world. The finding was responsibly

disclosed to GitHub on July 7, 2026, and was quickly covered by major security media outlets including The Hacker News, SecurityWeek, Dark Reading, and CSO Online. [IMAGE_PLACEHOLDER_1] What Are GitHub

Agentic Workflows and How Do They Work? To understand this vulnerability, we first need to understand what GitHub Agentic Workflows are. This new GitHub feature allows teams to automate their interactions

with code repositories using natural language. Instead of writing complex YAML scripts, you simply write a Markdown file explaining what the AI agent should do. These workflows are executed by an AI agent

that works with Claude or GitHub Copilot. This agent can: Read Issues and Pull Requests Invoke various tools Access other repositories within the organization Automatically post comments Here's the problem:

Read Full Article