Hidden image prompt makes an AI agent leak repository secrets

Researchers created a with a malicious instruction hidden inside a PNG image. An er did not open the image, missed the danger, and approved the change. When a later read the image, the hidden took effect.

The agent opened the repository's .env file and wrote every secret key into the as an innocent-looking list of numbers. The method shows how a harmless-looking image can use an AI agent's to extract sensitive information.

Key points

  • The malicious instruction was hidden inside a PNG image.
  • The er approved the change without opening the image.
  • The followed the image's instruction and opened the .env file.
  • were placed in as a harmless-looking list of numbers.
  • Builders should strictly limit which files and secrets an agent can access.
Read original