Security researchers uncover a vulnerability in GitHub's MCP server: An exploit is reportedly letting attackers dupe AI assistants into exposing users' private repositories. Attackers use a simple prompt injection attack, where malicious issues filed in public repos instruct the AI to "helpfully" compile information about all repositories the user works on — including private ones. According to prominent software engineer Simon Willison, this creates a perfect security storm by granting access to private data and exposing it to malicious instructions.
You are viewing a single comment's thread from: