awful.systems
David Gerard to TechTakes · English · 6 months ago

It’s trivial to prompt-inject Github’s AI Copilot Chat

pivot-to-ai.com

We mentioned Omer Mayraz from Legit Security in May, when he prompt-injected an AI code bot on GitLab and got it to play a Rick Astley video. He’s got a new one, this time with GitHub Copilot Chat…

‘You won a free $10 Copilot coupon!’

https://www.youtube.com/watch?v=iapCiYBj1bI&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
https://pivottoai.libsyn.com/20251014-prompt-inject-githubs-ai-copilot-chat - podcast

time: 5 min 32 sec

  • BlueMonday1984 · English · 6 months ago

    But can we do a zero click attack? Can we make Copilot Chat give us the user’s private data if they even look at the pull request page? Yes, we can!

    In a YouTube commenter’s own words:
