cybersecuritynews

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

July 10, 2026

Back to all posts

Source: BleepingComputer

{ "summary": "In a significant cybersecurity development, researchers have discovered a new malware technique known as 'Ghostcommit'. This malicious software hides prompt injection within images, bypassing AI-powered security systems that typically detect such threats. The attackers exploit GitHub's auto-execution feature for scripts in pull requests to gain access to sensitive data. Canadian businesses should be aware of this sophisticated method as it poses a serious risk, particularly for
cybersecuritynews

Concerned about this threat to your business?

We help Canadian SMBs deploy the controls discussed in this article. Free 30-minute assessment — no obligation.

Book a free assessment