PulseAugur / Brief

Brief

Last 24h, 223 sources

Multi-source AI news clustered, deduplicated, and scored 0–100 across authority, cluster strength, headline signal, and time decay.

1. GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines

    Researchers have developed GitInject, an open-source framework for testing prompt injection vulnerabilities in AI agents used in CI/CD pipelines. These agents process untrusted code while holding high repository permissions, so a successful injection can affect the software supply chain. The framework simulates real GitHub workflows and surfaces eleven distinct attack types, including credential exfiltration and configuration manipulation. Findings indicate that all tested AI providers are vulnerable in their default configurations, and that the critical issues stem from how CI/CD systems manage credentials and configuration files rather than from the behavior of any specific model.

    IMPACT: Highlights critical security risks in AI agents used for code deployment, necessitating robust countermeasures in CI/CD systems.