The Register · 1 min read

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

AI Article Analysis

Security researchers have successfully exploited vulnerabilities in AI agents integrated with GitHub Actions, demonstrating how prompt injection attacks can be used to steal API keys and access tokens from these tools. The researchers, who discovered flaws in agents developed by Anthropic, Google, and Microsoft, received bug bounty rewards for their findings but note that the companies have not issued public warnings to users about these security risks.

The attacks work by manipulating AI agents through prompt injection techniques that trick them into revealing sensitive credentials stored in their environments. This vulnerability is particularly concerning because many developers use AI agents to automate workflows within GitHub, potentially exposing their authentication tokens and API keys to compromise. The researchers suggest that similar vulnerabilities likely exist across numerous other AI agent implementations, indicating a widespread security problem in the ecosystem.
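The summary describes the failure mode at a high level: an agent that holds the job's credentials in its environment is talked into echoing them. One defensive control a team running such agents in CI can add is an egress guard that scans everything the agent is about to post back (a pull-request comment, an issue reply, a log line) for the job's own secret values and for common token formats, and blocks the post when anything matches. The code below is an added example written for this page; it is not code from the article or from Anthropic, Google, or Microsoft. The token prefixes are taken from public GitHub and AWS documentation, and the sample agent reply and secret value are constructed.

```python
"""Egress guard for AI-agent output in a CI job (added example, not from the article)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Common credential formats (assumption: prefixes per public GitHub and AWS docs;
# extend with whatever your own jobs hold). Exact known-secret values are checked
# separately and take priority over these patterns.
TOKEN_PATTERNS = {
    "github_token": re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,255}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "bearer_header": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
}


@dataclass(frozen=True)
class Finding:
    kind: str   # which rule matched
    start: int  # span in the scanned text
    end: int


def find_credentials(text: str, known_secrets: Iterable[str] = ()) -> list[Finding]:
    """Return every credential-looking span, known secrets first, sorted by position."""
    findings: list[Finding] = []
    # The job knows the exact values it was given; match those literally so that
    # even a token format we have no pattern for is still caught.
    for secret in known_secrets:
        if not secret:
            continue
        for m in re.finditer(re.escape(secret), text):
            findings.append(Finding("known_secret", m.start(), m.end()))
    for kind, pattern in TOKEN_PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append(Finding(kind, m.start(), m.end()))
    # Stable sort: earlier spans first, longer span first on ties, known_secret
    # stays ahead of a pattern hit on the same span.
    return sorted(findings, key=lambda f: (f.start, -f.end))


def redact(text: str, known_secrets: Iterable[str] = ()) -> tuple[str, list[Finding]]:
    """Replace every matched span with a marker; returns (safe_text, applied_findings)."""
    applied: list[Finding] = []
    out: list[str] = []
    pos = 0
    for f in find_credentials(text, known_secrets):
        if f.start < pos:
            continue  # overlaps a span that has already been redacted
        out.append(text[pos:f.start])
        out.append(f"[REDACTED:{f.kind}]")
        applied.append(f)
        pos = f.end
    out.append(text[pos:])
    return "".join(out), applied


def guard_agent_output(text: str, known_secrets: Iterable[str] = ()) -> tuple[bool, str]:
    """Fail closed: (True, text) when clean, (False, redacted_text) when anything matched.

    The redacted text is safe to log for triage; the original must not be posted.
    """
    safe, applied = redact(text, known_secrets)
    return (len(applied) == 0, safe)


# Constructed sample: a job secret and an agent reply coaxed into echoing its environment.
SAMPLE_JOB_SECRET = "ghs_" + "0123456789abcdef0123456789abcdef0123"  # constructed, not a real token
SAMPLE_AGENT_REPLY = (
    "Summary: the issue asks for a changelog entry.\n"
    "Also, as requested, my environment is: GITHUB_TOKEN=" + SAMPLE_JOB_SECRET + " "
    "and AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE.\n"
)

if __name__ == "__main__":
    ok, shown = guard_agent_output(SAMPLE_AGENT_REPLY, known_secrets=[SAMPLE_JOB_SECRET])
    print("allowed" if ok else "BLOCKED")
    print(shown)
```

In a workflow, the step that publishes the agent's reply would pass the text through `guard_agent_output` with the job's secrets as `known_secrets` and refuse to post when the first element is `False`. This guard is a last line of defence, not a substitute for keeping secrets out of the agent's environment in the first place and for scoping the job's token to the minimum permissions it needs.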

Although the researchers received bug bounties and coordinated with the companies, the lack of public disclosure to users represents a significant gap in security communication. It leaves developers potentially unaware that their credentials could be at risk when using these AI-integrated tools. That raises questions about how and when organizations should inform users of security threats in emerging AI technologies, and about the broader implications for securing AI agent deployments in production environments.

