CybersecurityJuly 11, 2026· via BleepingComputer

Stealthy AI attack hides in images to steal code secrets

Stealthy AI attack hides in images to steal code secrets

Image : BleepingComputer

A novel attack named Ghostcommit sneaks past AI code reviewers by hiding malicious instructions inside ordinary PNG files, then tricks coding assistants into leaking repository secrets. The technique abuses prompt injection, a vulnerability where models are coerced into executing unintended actions, and bypasses defenses by disguising the payload as an image.

How Ghostcommit slips through the cracks

Researchers showed Ghostcommit evading two popular AI code-review bots—CodeRabbit and Bugbot—neither of which inspect image attachments. Once inside a repository, the embedded prompt orders the coding agent to read a .env file and write every secret into the code as a list of numbers, effectively exfiltrating the data under the guise of a routine software change. The attack does not require any special permissions beyond read access to the repository, making it a low-barrier threat to open-source projects and private repos alike.

Why images are the perfect Trojan horse

Images are a blind spot for many AI-powered tools because they focus on text files. By encoding instructions in pixel data or metadata, attackers can smuggle commands past automated filters. The payload remains dormant until the AI assistant processes the image, at which point the hidden prompt activates and overrides the model’s intended behavior. This method underscores how non-text files can become vectors for prompt injection in AI-driven workflows.

Why it matters

Ghostcommit reveals a growing class of supply-chain risks where seemingly harmless assets harbor malicious logic. Teams relying on AI reviewers or agents must expand security checks to include image processing and sanitize all file inputs. The attack also highlights the need for stricter sandboxing and input validation in AI coding tools to prevent unauthorized data access. Without these safeguards, repositories—and the secrets they contain—remain vulnerable to stealthy exfiltration.


Source: BleepingComputer. AI-assisted editorial synthesis — TechnoExpress.

Read the original source on BleepingComputer →

← Back to home