David Gerard@awful.systemsM to

TechTakes@awful.systemsEnglish · 15 hours ago

It’s trivial to prompt-inject Github’s AI Copilot Chat

pivot-to-ai.com

1

19

It’s trivial to prompt-inject Github’s AI Copilot Chat

pivot-to-ai.com

David Gerard@awful.systemsM to

TechTakes@awful.systemsEnglish · 15 hours ago

1

We mentioned Omer Mayraz from Legit Security in May, when he prompt-injected an AI code bot on GitLab and got it to play a Rick Astley video. He’s got a new one, this time with Git Hub Copilot Chat…

‘You won a free $10 Copilot coupon!’

https://www.youtube.com/watch?v=iapCiYBj1bI&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
https://pivottoai.libsyn.com/20251014-prompt-inject-githubs-ai-copilot-chat - podcast

time: 5 min 32 sec

You must log in or register to comment.

Chat

BlueMonday1984@awful.systems
link
fedilink
English
arrow-up
8·
15 hours ago

But can we do a zero click attack? Can we make Copilot Chat give us the user’s private data if they even look at the pull request page? Yes, we can!

In a YouTube commenter’s own words:

TechTakes@awful.systems

techtakes@awful.systems

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

Big brain tech dude got yet another clueless take over at HackerNews etc? Here’s the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

81 users / day
780 users / week
1.46K users / month
5.18K users / 6 months
1 local subscriber
2.24K subscribers
967 Posts
20.8K Comments
Modlog

mods:
David Gerard@awful.systems