Ghostcommit attack hides malicious AI instructions in images


Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images.

The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an AI coding agent to follow those instructions during a later task.

A pull request is basically a formal “please review and add my changes” request that a developer sends before changes are added to the main version of a software project. Human reviewers and, increasingly, AI coding tools may review the changes before they’re accepted.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Patch Tuesday – April 2026

    April 14, 2026

    Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser ...

  • Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum

    April 13, 2026

    Crooks are exploiting four Microsoft vulnerabilities – one patched 14 years ago and another tied to ransomware activity – according to America’s lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them. The four vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on Monday are: CVE-2025-60710, a link-following vulnerability in Windows ...

  • Booking.com confirms hackers accessed customers’ data

    April 13, 2026

    Booking.com confirmed Monday that hackers may have accessed customers’ personal data, including names, email addresses, phone numbers, and booking details. The global travel and hotel reservation giant notified customers this past week of the breach, according to several online posts. “We’re writing to inform you that unauthorized third parties may have been able to access certain ...

  • JanelaRAT: A financial threat targeting users in Latin America

    April 13, 2026

    JanelaRAT is a malware family that takes its name from the Portuguese word “janela” which means “window”. JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has targeted users since June 2023. One of the key differences between ...

  • Basic-Fit confirms data on a million members stolen in cyberattack

    April 13, 2026

    Basic-Fit, Europe’s largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems. Around 200,000 members in the Netherlands alone had their data snatched in a recent cyberattack, the company confirmed on Monday morning via emails sent to those affected. “Today, Basic-Fit has notified the relevant data ...

  • Suspect arrested after incendiary device thrown at OpenAI CEO Sam Altman’s home

    April 11, 2026

    A 20-year-old man has been arrested after a Molotov cocktail was thrown at the San Francisco home of OpenAI CEO Sam Altman early Friday morning. The incident happened around 4:00 am when a suspect “threw an incendiary destructive device” at Altman’s home, “causing a fire to one exterior gate” before fleeing on foot, according to statement ...